From 614f85259a8faae37c683dd8a14a409b6ac24f70 Mon Sep 17 00:00:00 2001 From: Scott Runnels Date: Thu, 7 Feb 2013 22:36:17 -0500 Subject: [PATCH] Remove references to event.bif.bro --- doc/user-manual/scripting.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/user-manual/scripting.rst b/doc/user-manual/scripting.rst index d45b322add..3d3cf3e19f 100644 --- a/doc/user-manual/scripting.rst +++ b/doc/user-manual/scripting.rst 
@@ -73,12 +73,12 @@ Gaining familiarity with the specific events generated by Bro is a big step towa :linenos: :lines: 4124-4149 -Above is a segment of ``event.bif.bro`` showing the documentation for the event dns_request(). It's organized such that the documentation, commentary, and list of arguments precede the actual event definition used by Bro. As Bro detects DNS requests being issued by an originator, it issues this event and any number of scripts then have access to the data Bro passes along with the event. In this example, Bro passes not only the message, the query, query type and query class for the DNS request, but also a then record used for the connection itself. +Above is a segment of the documentation for the event dns_request(). It's organized such that the documentation, commentary, and list of arguments precede the actual event definition used by Bro. As Bro detects DNS requests being issued by an originator, it issues this event and any number of scripts then have access to the data Bro passes along with the event. In this example, Bro passes not only the message, the query, query type and query class for the DNS request, but also a then record used for the connection itself. The Connection Record Data Type =============================== -Of all the events defined in Bro's ``event.bif.bro`` file, an overwhelmingly large number of them are passed the connection record data type, in effect, making it the backbone of many scripting solutions. The connection record itself, as we will see in a moment, is a mass of nested data types used to track state on a connection through its lifetime. Let's walk through the process of selecting an appropriate event, generating some output to standard out and dissecting the connection record so as to get an overview of it. We will cover data types in more detail later. 
+Of all the events defined by Bro, an overwhelmingly large number of them are passed the connection record data type, in effect, making it the backbone of many scripting solutions. The connection record itself, as we will see in a moment, is a mass of nested data types used to track state on a connection through its lifetime. Let's walk through the process of selecting an appropriate event, generating some output to standard out and dissecting the connection record so as to get an overview of it. We will cover data types in more detail later. While Bro is capable of packet level processing, its strengths lay in the context of a connection between an originator and a responder. As such, there are events defined for the primary parts of the connection life-cycle as you'll see from the small selection of connection-related events below.
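Review bot: The rewritten dns_request() paragraph no longer says where the displayed segment comes from, while the unchanged directive options just above it (`:lines: 4124-4149`) still select a hard-coded line range from an included file. If the aim is to stop depending on ``event.bif.bro``, the include itself needs the same treatment as the prose; the directive's target is outside this hunk, so please confirm which file it points at and whether that line range is still valid. Otherwise, name the source in the sentence or link to the generated event reference so readers can find the full definition. Two smaller wording points on lines this hunk carries: the added sentence keeps the garbled ending "but also a then record used for the connection itself" from the line it replaces, so say which record is meant (the next section suggests the connection record), and in the second added paragraph "its strengths lay in" should read "its strengths lie in".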