Hi. Just a couple of questions.
1. What is the proper procedure for having BIFs (built-in functions) added
to the core of Bro? For a prototype I went ahead and added 2 functions
(listed below), and I was wondering if they could be put into the official
Bro distribution. The changes were very basic but I am more than willing to
submit source code changes if someone could direct me to some documentation
on the proper procedures, or even who to send the changes to so they can be
reviewed and/or approved.
// here are the functions
a. global get_contents_file: function(cid: conn_id, direction: count): file;
b. global get_file_name: function(f: file): string;
2. In short, in the .97 build, how do you write to the syslog from a ".bro"
policy script?
I realize the terminology has changed from the .94 to the .97 baseline for
the concepts of "log/alert and notice" and, unless I'm mistaken, the "log"
function has been removed in .97. I'm not sure if the old (.94) "log"
function would always or conditionally write to the system log (syslog),
but that is what I'd like to do now. If it isn't possible, what do you
suggest I do? For example, should I add another built-in function?
Thanks in advance for your help.
john