This repository has been archived by the owner on Jan 27, 2022. It is now read-only.

zeek/broccoli-ruby

Ruby Bindings for Broccoli

This is the broccoli-ruby extension for Ruby which provides access to the Broccoli API. Broccoli is a library for communicating with the Bro Intrusion Detection System.

Download

You can find the latest Broccoli-Ruby release for download at https://www.zeek.org/download.

Broccoli-Ruby's git repository is located at https://github.com/zeek/broccoli-ruby

This document describes Broccoli-Ruby 1.62-2. See the CHANGES file for version history.

Installation

To install the extension:

  1. Make sure that the broccoli-config binary is in your path. (export PATH=/usr/local/bro/bin:$PATH)
  2. Run sudo ruby setup.rb.

To install the extension as a gem (suggested):

  1. Install rubygems.
  2. Make sure that the broccoli-config binary is in your path. (export PATH=/usr/local/bro/bin:$PATH)
  3. Run sudo gem install rbroccoli.

Usage

There aren't really any useful docs yet. Your best bet currently is to read through the examples.

One thing I should mention, however, is that I haven't done any optimization yet. You may find that code that is going to be sending or receiving extremely large numbers of events won't run fast enough and will begin to fall behind the Bro server. The dns_requests.rb example is a good performance test if your Bro server is sitting on a network with many DNS lookups.

Contact

If you have a question/comment/patch, see the Bro contact page.