From 46f518825c4e934b950c1ce0c9936fd106798408 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Mon, 25 Sep 2017 21:29:18 +0000 Subject: bro-script: Explain log file source in README --- bro-script/README | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'bro-script') diff --git a/bro-script/README b/bro-script/README index 03d9158..15f121e 100644 --- a/bro-script/README +++ b/bro-script/README @@ -2,7 +2,8 @@ This directory contains a baseline implementation of the package parser implemented as a Bro script. A .bro file contains a script that can be executed on a Modbus pcap dump. A .log file contains an example for an output file generated by this script. By convention, the sample log file -should contain the first 100 lines of a real log file. +should contain the first 100 lines of a real log file obtained from running +the script on packets_00014_20161128135616.cap. Currently, the scripts only handle the read_holding_registers event. Other events can handled by simply copying and adapting the existing handlers. -- cgit v1.2.3
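Review bot: the added sentence in the bro-script/README hunk names packets_00014_20161128135616.cap but does not say where that capture can be obtained or where it is expected to sit relative to this directory, so a reader still cannot regenerate the sample log and compare it against the committed .log file. Suggest adding the capture's source or path. Since the README can hold more than one .bro file, it would also help to say which script was run and with what command line. The new wording also folds one specific file name into a sentence that begins "By convention", which reads as if every sample log must come from that capture. If that is the intent, say so explicitly. Otherwise, move the file name into its own sentence. While this paragraph is being touched, the unchanged context line "Other events can handled by simply copying" is missing "be".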