Jon Siwek jsiwek

## print-log-info.bro
# Prints out field descriptions of all logs generated by Zeek 3.0+.
#
# * Set environment variable ZEEK_ALLOW_INIT_ERRORS=1 before running Zeek
#   with this script.
#
# * Requires a version of Bro/Zeek with the improvements from:
#   https://github.com/bro/bro/commit/1f450c05102be6dd7ebcc2c5901d5a3a231cd675
#   (Was not included in 2.6 release)

@load zeekygen

## caf_timeout.cc
#include <caf/all.hpp>
#include <unistd.h>
#include <sys/time.h>

using namespace std;
using namespace caf;

double now()
    {
    struct timeval tv;

## scoped_actor_example.cc
#include <caf/all.hpp>
#include <unistd.h>

using namespace std;
using namespace caf;

struct foo {

	actor a;

## ssh-login-watch.bro
@load base/frameworks/notice
@load base/protocols/ssh

module SSH;

export {
    const watched_servers: set[addr] = {
        192.168.1.100,
        192.168.1.101,
        192.168.1.102,

## receiver.bro
@load frameworks/communication/listen

redef Communication::listen_port = 1337/tcp;

redef Communication::nodes += {
	["foo"] = [$host = 127.0.0.1, $events = /my_event_request/, $connect = F]
};

event remote_connection_handshake_done(p: event_peer)
	{

## sender.bro
redef Communication::nodes += {
	["foo"] = [$host = 127.0.0.1, $p=1337/tcp, $events = /my_event_response/, $connect=T]
};

event my_event_request(details: string)
	{
	print "sent my_event_request", details;
	}

event my_event_response(details: count)

## so-gethostname.bro
module SecurityOnion;

@load base/frameworks/input

export {
    ## Event to capture when the hostname is discovered.
    global SecurityOnion::found_hostname: event(hostname: string);

    ## Hostname for this box.
    global hostname = "";
	# Prints out field descriptions of all logs generated by Zeek 3.0+.
	#
	# * Set environment variable ZEEK_ALLOW_INIT_ERRORS=1 before running Zeek
	# with this script.
	#
	# * Requires a version of Bro/Zeek with the improvements from:
	# https://github.com/bro/bro/commit/1f450c05102be6dd7ebcc2c5901d5a3a231cd675
	# (Was not included in 2.6 release)

	@load zeekygen
	#include <caf/all.hpp>
	#include <unistd.h>
	#include <sys/time.h>

	using namespace std;
	using namespace caf;

	double now()
	{
	struct timeval tv;
	@load base/frameworks/notice
	@load base/protocols/ssh

	module SSH;

	export {
	const watched_servers: set[addr] = {
	192.168.1.100,
	192.168.1.101,
	192.168.1.102,
	@load frameworks/communication/listen

	redef Communication::listen_port = 1337/tcp;

	redef Communication::nodes += {
	["foo"] = [$host = 127.0.0.1, $events = /my_event_request/, $connect = F]
	};

	event remote_connection_handshake_done(p: event_peer)
	{
	redef Communication::nodes += {
	["foo"] = [$host = 127.0.0.1, $p=1337/tcp, $events = /my_event_response/, $connect=T]
	};

	event my_event_request(details: string)
	{
	print "sent my_event_request", details;
	}

	event my_event_response(details: count)
	module SecurityOnion;

	@load base/frameworks/input

	export {
	## Event to capture when the hostname is discovered.
	global SecurityOnion::found_hostname: event(hostname: string);

	## Hostname for this box.
	global hostname = "";