Hello Bro devs. I was talking with Seth yesterday at BroCon about how an independent command line script for working with Bro logs could fit into bro-pkg.
The bawk shell script I wrote (https://github.com/deltaray/bawk) is a command meant to work with Bro logs from the command line. The installation involves putting an executable script into the path of people analyzing Bro logs and making some associated libraries available to that script somewhere. Right now I’m just putting the script in /opt/bro/bin/bawk and the libraries in /opt/bro/lib/bawk. Maybe there is a better place.
Seth said that this is not something that is covered by bro-pkg at the moment, but maybe is a category of community contribution that should be considered.
On a related note, someone at BroCon also brought up an interesting question about whether bro-pkg could be used to share Intel data with the community. Sounds like bro-pkg could benefit from having additional categories for package types.