aboutsummaryrefslogtreecommitdiff
path: root/bro-script
diff options
context:
space:
mode:
authorRobin Krahl <guskraro@student.gu.se>2017-09-25 21:29:18 +0000
committerRobin Krahl <guskraro@student.gu.se>2017-09-25 21:29:18 +0000
commit46f518825c4e934b950c1ce0c9936fd106798408 (patch)
tree8d2e59e3719ee580a3d1c6ca51e387c98cf55dd4 /bro-script
parent02f25d16fa3366f1d067f7b2ee6d853eea2bbcb4 (diff)
downloadmidbro-46f518825c4e934b950c1ce0c9936fd106798408.tar.gz
midbro-46f518825c4e934b950c1ce0c9936fd106798408.tar.bz2
bro-script: Explain log file source in README
Diffstat (limited to 'bro-script')
-rw-r--r--bro-script/README3
1 files changed, 2 insertions, 1 deletions
diff --git a/bro-script/README b/bro-script/README
index 03d9158..15f121e 100644
--- a/bro-script/README
+++ b/bro-script/README
@@ -2,7 +2,8 @@ This directory contains a baseline implementation of the package parser
implemented as a Bro script. A .bro file contains a script that can be
executed on a Modbus pcap dump. A .log file contains an example for an
output file generated by this script. By convention, the sample log file
-should contain the first 100 lines of a real log file.
+should contain the first 100 lines of a real log file obtained from running
+the script on packets_00014_20161128135616.cap.
Currently, the scripts only handle the read_holding_registers event. Other
events can handled by simply copying and adapting the existing handlers.