I was looking at how to extend the get_event_peer() bif to work with Broker events and realized that there's problem I hadn't thought about so far: when a event comes into Bro through Broker, there's no way right now to tell which peer it was sent from. If I'm not missing anything, the event comes only with event name and arguments, but no meta information of any kind that would point to its source.
I think adding such meta information would be quite valuable, however it's actually not trivial to do that, as it would change the signature for incoming events across the whole Broker code base, including language bindings etc. Any ideas? Robin -- Robin Sommer * ICSI/LBNL * [email protected] * www.icir.org/robin _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
