Heh.. this is what I get for not following up on a WIP merge... Try the
topic/dopheide/namespace branch of github.com/esnet/binpac_quickstart.
That should allow you to specify Demo::ConnTaste, but it will uppercase
that to Demo::CONNTASTE, which I believe was an old convention.
-Dop
On Wed,
Okay, with your original line for quickstart, this works rather than
Demo::ConnTaste.
```
bash-3.2# /usr/local/bro/bin/bro -NN Bro::CONNTASTE
Bro::CONNTASTE - This thing analyzer (dynamic, no version information)
[Analyzer] CONNTASTE (ANALYZER_CONNTASTE, enabled)
[Event] conntaste_event
```
So
I'm sure there is at least one other Carl Sagan fan on list. I feel like if
I wish to make an analyzer from scratch, I must first invent the universe.
-AK
On Wed, Mar 13, 2019, 15:44 anthony kasza wrote:
I tried changing the name provided to the setup script as suggested. Doing
so gives me many errors when I try to ./configure the plugin from within
the conn-taste/ directory. CMake states that DEMO::CONNTASTE-events.bif is
"reserved or not valid for certain CMake features". It complains about
I believe you want to change this line:
./start.py ConnTaste "Connection Byte Offset Tasting" ...
to
./start.py Demo::ConnTaste "Connection Byte Offset Tasting" ...
-Dop
On Wed, Mar 13, 2019 at 2:35 PM anthony kasza wrote:
Many thanks for the quick responses!
I am receiving these errors:
```
error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin
Demo::ConnTaste is not available
fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
Failed to activate requested dynamic plugin(s).
```
On Wed, Mar 13, 2019 at 10:17 AM anthony kasza wrote:
> However, the docs don't detail much beyond creating a built in function. A
> colleague pointed me at this quickstart script for binpac:
> https://github.com/grigorescu/binpac_quickstart
>
Oops! Sorry about that. Try this one:
See if this helps:
https://github.com/zeek/zeek/blob/master/testing/btest/plugins/protocol.bro
That may be the most compact tutorial on writing a protocol analyzer
plugin. :)
Robin
On Wed, Mar 13, 2019 at 09:16 -0600, anthony kasza wrote:
Hello Zeek Devs,
I would like to write a protocol analyzer and need some direction. I would
like to write something simple which works on TCP, similar to the ConnSize
analyzer. I would like my analyzer to be distributed as a plugin, similar
to MITRE's HTTP2 analyzer, so I am following the docs