Re: [Bro-Dev] input-framework file locations

On 25 Aug 2017, at 16:56, Aashish Sharma wrote: > global smtp_indicator_feed= fmt > ("%s/feeds/smtp_malicious_indicators.out",@DIR) ; > > Problem is: @DIR gives the path of the directory where script is > residing. > > So when I do broctl install - all the scripts go into : >

Re: [Bro-Dev] send_id (Re: [Bro-Commits] [git/bro] topic/jsiwek/actor-system: Finish port of control framework to use broker. (8dddae1))

On Mon, Aug 28, 2017 at 19:53 +, you wrote: > Sounds ok. Were you going to work on adding such a message or want me to try? I can work on it, but it'll probably take me a few days to get to it. If can make progress with other stuff in the meantime, I'll do that; otherwise give it a try if

Re: [Bro-Dev] send_id (Re: [Bro-Commits] [git/bro] topic/jsiwek/actor-system: Finish port of control framework to use broker. (8dddae1))

> On Aug 26, 2017, at 10:12 AM, Robin Sommer wrote: > > Jon, replacing send_id() may indeed work better with an extension at > the C++/Broker level. > - I'm thinking the best approach may be a new Bro-specific > message for Broker, similar to the log-create/write

Re: [Bro-Dev] send_id (Re: [Bro-Commits] [git/bro] topic/jsiwek/actor-system: Finish port of control framework to use broker. (8dddae1))

On Mon, Aug 28, 2017 at 11:09 +0200, you wrote: > Thanks for the clarification! I was thinking about send_id() in context > of the intel framework as well. Yep, I meant Intel framework of course. :) > So sending opaque values will still be possible using broker, right? Yes, correct (one

Re: [Bro-Dev] send_id (Re: [Bro-Commits] [git/bro] topic/jsiwek/actor-system: Finish port of control framework to use broker. (8dddae1))

On 27/08/17 04:03, Seth Hall wrote: > I believe that Robin meant the intel framework instead of sumstats. > (Hopefully this avoids some confusion) Thanks for the clarification! I was thinking about send_id() in context of the intel framework as well. As you might noticed, I enjoyed playing