Hello,
Is there a special method for invoking the Bro logging framework when
writing protocol analyzers in Spicy?
In my case, I've disabled the legacy parser (modbus) to not clash with
the Spicy parser I'm writing. Where should the code for invoking the
logging framework reside in this case?
Thanks.
- Troy
The model is to keep doing that from Bro script-land, just as with the
standard analyzers as well. So you'd trigger the events from Spicy,
via the *.evt files, and then write Bro script code to create your log
file.
If your new Spicy-based Modbus parser generated exactly the same
events as the legacy one, you'd automatically get the same log file as
well. If not (which I deem more likely :-), you'll have to write new
scripts replacing the current ones.
Robin