This repository has been archived by the owner on Feb 16, 2022. It is now read-only.
forked from zeek/broccoli-perl
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
145 lines (95 loc) · 3.26 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
.. -*- mode: rst-mode -*-
..
.. Version number is filled in automatically.
.. |version| replace:: 0.1-1
==========================
Perl Bindings for Broccoli
==========================
.. class:: opening
This Perl module provides bindings for `Broccoli
<{{git('broccoli:doc/broccoli-manual.rst')}}>`_, Bro's client
communication library. Note that this package is still considered
experimental, and not yet part of the Broccoli distribution.
Please let us know whether it works for you.
.. contents::
Download
--------
Broccoli-Perl's git repository is located at
`git://git.bro-ids.org/broccoli-perl.git
<git://git.bro-ids.org/broccoli-perl.git>`__. You can browse the
repository `here <http://git.bro-ids.org/broccoli-perl.git>`__. Please
note that we do not yet provide releases outside of git (but plan to
do so in the future)
This document describes Broccoli-Perl |version|. See the `CHANGES
<{{git('broccoli-perl:CHANGES')}}>`__ file for version history.
Installation
------------
Broccoli-Perl requires perl 5.10.1 or newer.
To install do something like::
export CCFLAGS="-I/usr/local/bro/include"
export LDDFLAGS="-L/usr/local/bro/lib"
perl Makefile.PL
make
make install
If ``broccoli.h`` is not found (many unknown definition errors), check
``CCFLAGS``. If a scripts complain about dynamic linking errors at
start, check ``LDDFLAGS``.
Usage
-----
The following examples give a short demonstration on how to send and receive
Bro events in Perl.
A more thorough explanation can be found in the pod documentation of the module.
Connectiong to Bro
~~~~~~~~~~~~~~~~~~
The following code opens a connection to a remote Bro instance. Automatic type guessing is enabled.
::
# import Broccoli and all types
use Broccoli::Connection qw/:types/;
# connect to bro
my $b = Broccoli::Connection->new(
destination => "localhost:47758",
quess_types => 1,
});
Sending Events
~~~~~~~~~~~~~~
When a bro connection has been set up, it can be used to send events:
::
# send events
my $seq = 0;
$b->send("ping", $seq++);
Records are automaticially generated from Hashes:
::
# send records
$b->send("recordtest", {
intvalue => 1,
stringvalue => "hi",
});
# send records of records
$b->send("RecordOfRecordTest", {
first => { intvalue => 1 },
second => { addr => "192.168.17.1" }
};
Types can be explecitely specified when necessary. For more details see the pod documentation
::
# specify type
$b->send("counttest", count(5));
Receiving Events
~~~~~~~~~~~~~~~~
To receive events, a callback function has to be specified.
::
# define event handlers
$b->event("pong", sub {
my $seq = shift;
say "Received pong with number $seq";
});
After defining all callback functons, the event handlers have to be registered by calling
::
$b->registerEvents();
Bro data types are automatically converted to the perl equivalents. Records are converted to hashes.
Examples
--------
Some examples are in te ``examples`` subdirectory.
- ``broping.pl`` sends pings to the ``broping.bro`` script included with Broccoli.
- ``broping-record.py`` sends pings to the ``broping-record`` script included with Broccoli.
- ``test.pl`` and ``test_guesstypes.pl`` together with ``test.bro`` show most of the features supported
by the library.