On Jan 21, 2013, at 8:04 AM, Rawi Ramdhan <rawiramdhan(a)gmail.com> wrote:
I'm a student at the University of Amsterdam, currently
working on Bro in combination with Snort.
I don't know what you're planning on doing, but have you noticed that Barnyard2
has support for a Bro output plugin? Each alert in the unified2 log file from Snort is
turned into a Bro event.
The following should log all data from 192.168.101.1
with TCP on port 0 and print it in a log file (which one?).
You're using the print statement so it will only print to stdout. You have to use
the logging framework if you want actual logs. :)
And where do I put the script to check the payload
from this data and, with that information, execute a shell script via piped_exec(program:
string, to_write: string): bool?
Just call your program with the full path in the program field and it should work fine.
International Computer Science Institute
(Bro) because everyone has a network
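As an added illustration of the two points made in the reply above (that print only writes to stdout, so the logging framework is what produces a log file, and that piped_exec wants the full path of the program), here is a small Bro script. It is not code from this thread or from the Bro project; the watched host and port come from the question, while the module name, the log columns and the path /usr/local/bin/handle_alert.sh are assumptions chosen for the example.

```bro
# Added example, not from the original thread or the Bro distribution.
# Logs connections matching the poster's filter through the logging
# framework and hands each match to an external program via piped_exec.

module SnortHandoff;

export {
    # Registers a new log stream; the file name defaults to the
    # lower-cased module name, i.e. snort_handoff.log.
    redef enum Log::ID += { LOG };

    # One row per matching connection; &log marks a field as a column.
    type Info: record {
        ts:   time    &log;
        id:   conn_id &log;
        note: string  &log;
    };

    # Values taken from the question; override with redef if needed.
    const watch_host = 192.168.101.1 &redef;
    const watch_port = 0/tcp &redef;

    # Assumed path: piped_exec needs the full path to the program.
    const handler = "/usr/local/bin/handle_alert.sh" &redef;
}

event bro_init()
{
    Log::create_stream(SnortHandoff::LOG, [$columns=Info]);
}

event new_connection(c: connection)
{
    # Only connections originating from the watched host to the watched port.
    if ( c$id$orig_h != watch_host || c$id$resp_p != watch_port )
        return;

    # Write a row through the framework instead of print, so it lands in the log file.
    local rec: Info = [$ts=network_time(), $id=c$id, $note="matched filter"];
    Log::write(SnortHandoff::LOG, rec);

    # The second argument is written to the program's stdin; the return
    # value only tells us whether the program could be started.
    local to_write = fmt("%s:%s -> %s:%s\n",
                         c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p);
    if ( ! piped_exec(handler, to_write) )
        Reporter::warning(fmt("piped_exec of %s failed", handler));
}
```

Loading the script with `bro -r trace.pcap snort_handoff.bro` produces snort_handoff.log alongside conn.log; the external program receives one line of connection details per match on its standard input, and anything it prints is not collected by Bro, so the script should do its own logging if its output matters.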