From da9544a4dba273d1cada460f3064d9e1ff21b44e Mon Sep 17 00:00:00 2001
From: Andreas Lindhé <andreas@lindhe.io>
Date: Wed, 11 Oct 2017 08:47:50 +0200
Subject: Move files from bro-script directory

---
 broccoli/script/README | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 broccoli/script/README

(limited to 'broccoli/script/README')

diff --git a/broccoli/script/README b/broccoli/script/README
new file mode 100644
index 0000000..15f121e
--- /dev/null
+++ b/broccoli/script/README
@@ -0,0 +1,9 @@
+This directory contains a baseline implementation of the package parser
+implemented as a Bro script.  A .bro file contains a script that can be
+executed on a Modbus pcap dump.  A .log file contains an example for an
+output file generated by this script.  By convention, the sample log file
+should contain the first 100 lines of a real log file obtained from running
+the script on packets_00014_20161128135616.cap.
+
+Currently, the scripts only handle the read_holding_registers event.  Other
+events can handled by simply copying and adapting the existing handlers.
-- 
cgit v1.2.3