> Is ICMP supported?
No.
> And if not, when?
Probably when someone else contributes a module for doing it. My near-term
Bro development cycles are for adding regular-expression matching. However,
I'm interested in having ICMP, so will probably work on it in the future if
no one else has done so.
Vern
> > Where would I find a list of all of the "events" or public functions
> > which I could use in the scripting language?
>
> These are listed in pub-policy/bro.init (I know, not at all intuitive).
> The next release will have a poiner to that file, and it will be thoroughly
> commented to explain each event.
Thanks, I'll take a look.
I noticed that there aren't any references to ICMP, either in the
source in the .bro's.
Is ICMP supported? And if not, when?
Thanks.
< Paul
> Where would I find a list of all of the "events" or public functions
> which I could use in the scripting language?
These are listed in pub-policy/bro.init (I know, not at all intuitive).
The next release will have a poiner to that file, and it will be thoroughly
commented to explain each event.
> Given that I had a list of "events", what are the variables associated
> with each event that I can access from a script?
Defined in the same place. bro.init lists the type signatures of each
event, i.e. the function parameter names and types.
> Are there any more scripts available?
Just those in pub-policy.
> I've read the paper so I apologize if these are answered in it (I didn't
> see them).
They're not; and in any case, I encourage questions, please ask as they arise.
Vern
Hi,
I'm just getting started with bro. I have bro-pub-0.5a1 running
on Solaris 2.6.
But I have some questions which are pretty simple.
Where would I find a list of all of the "events" or public functions
which I could use in the scripting language?
Given that I had a list of "events", what are the variables associated
with each event that I can access from a script?
Are there any more scripts available?
I've read the paper so I apologize if these are answered in it (I didn't
see them).
I'd like to start writing my own scripts and want to get upto speed
on bro asap.
Thanks.
< paul
