From r3dham at gmail.com Mon Jun 18 21:06:39 2012
From: r3dham at gmail.com (Alex Shim)
Date: Tue, 19 Jun 2012 13:06:39 +0900
Subject: [TM] [The Time Machine] Any update plan?
Message-ID:

I have been waiting for ticket #4
(http://tracker.bro-ids.org/time-machine/ticket/4)

Do you have any plan to fix it?

Cheers,
Alex

From seth at icir.org Mon Jun 18 23:18:56 2012
From: seth at icir.org (Seth Hall)
Date: Tue, 19 Jun 2012 02:18:56 -0400
Subject: [TM] [The Time Machine] Any update plan?
In-Reply-To:
References:
Message-ID: <3402E2DF-C9B6-4F02-9F09-2A2932A56AE7@icir.org>

On Jun 19, 2012, at 12:06 AM, Alex Shim wrote:

> I have been waiting for ticket #4 (http://tracker.bro-ids.org/time-machine/ticket/4)
>
> Do you have any plan to fix it?

We would love for that ticket to be fixed. It's one of the main blockers for people to run time-machine. We don't have anyone working on time-machine at the moment unfortunately. I am trying to get a developer to start fixing bugs on the tracker but I'm not sure if it's going forward.

If you are able or know someone who is willing and able to do heavy lifting on time-machine, let me know. I'd be interested in talking more.

Thanks,
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

From asharma at lbl.gov Tue Jun 19 08:07:27 2012
From: asharma at lbl.gov (Aashish Sharma)
Date: Tue, 19 Jun 2012 08:07:27 -0700
Subject: [TM] [The Time Machine] Any update plan?
In-Reply-To: <3402E2DF-C9B6-4F02-9F09-2A2932A56AE7@icir.org>
References: <3402E2DF-C9B6-4F02-9F09-2A2932A56AE7@icir.org>
Message-ID: <20120619150723.GA25429@yaksha.lbl.gov>

While persistence of indices is a very much desired feature (for me too), it's not a show stopper for using the tm in the production environment.
Previously TM re-starts overwrote the files due to reuse of the output file-name. That is fixed by adding Unix time-stamp to the file names, thus stopping accidental overwrites.

As for indexes being used for searches: I have used tcpslice to zero-in on the possible time-periods of the desired connection and then use tcpdump to extract data from those specific pcaps. tcpdump with GNU parallel works fantastic for this task.

Hope this helps,
Aashish

On Tue, Jun 19, 2012 at 02:18:56AM -0400, Seth Hall wrote:
>
> On Jun 19, 2012, at 12:06 AM, Alex Shim wrote:
>
> > I have been waiting for ticket #4 (http://tracker.bro-ids.org/time-machine/ticket/4)
> >
> > Do you have any plan to fix it?
>
> We would love for that ticket to be fixed. It's one of the main blockers for people to run time-machine. We don't have anyone working on time-machine at the moment unfortunately. I am trying to get a developer to start fixing bugs on the tracker but I'm not sure if it's going forward.
>
> If you are able or know someone who is willing and able to do heavy lifting on time-machine, let me know. I'd be interested in talking more.
>
> Thanks,
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/

--
Aashish Sharma (asharma at lbl.gov)
Cyber Security, Information Technology Division
Lawrence Berkeley National Laboratory
http://www.lbl.gov/cyber/pgp-aashish.txt
Office: (510)-495-2680 Cell: (510)-457-1525
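
The index-free search described in the last message (pick the capture files that cover the time period, then run tcpdump only on those), as an added example that is not part of the original thread or of the Time Machine code. It reads packet timestamps directly from classic pcap headers instead of calling tcpslice; the file names, timestamps, address and filter are constructed sample values.

```python
import shlex
import struct

# Classic pcap magic as stored on disk -> struct byte-order prefix.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def pcap_time_span(data):
    """Return (first, last) packet time in epoch seconds, or None if no packets.
    Assumes records are stored in arrival order, as a live capture writes them."""
    order = MAGIC.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    off, first, last = 24, None, None              # skip 24-byte global header
    while off + 16 <= len(data):                   # 16-byte record header
        ts_sec, _, incl_len, _ = struct.unpack_from(order + "IIII", data, off)
        first = ts_sec if first is None else first
        last = ts_sec
        off += 16 + incl_len                       # jump over the packet bytes
    return None if first is None else (first, last)

def select_captures(captures, start, end):
    """Names of captures whose packet times overlap the window [start, end]."""
    hits = []
    for name, data in captures.items():
        span = pcap_time_span(data)
        if span and span[0] <= end and span[1] >= start:
            hits.append(name)
    return sorted(hits)

def tcpdump_commands(names, bpf):
    """One tcpdump extraction command per selected file (input for GNU parallel)."""
    return ["tcpdump -r %s -w %s %s" % (shlex.quote(n), shlex.quote(n + ".hit.pcap"),
                                        shlex.quote(bpf)) for n in names]

def make_pcap(times):
    """Constructed test capture: one 4-byte dummy packet per timestamp."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", t, 0, 4, 4) + b"\0" * 4 for t in times)

# Constructed sample data: names, times and address are illustrative only.
SAMPLE = {
    "a.pcap": make_pcap([1340000000, 1340000900]),
    "b.pcap": make_pcap([1340001000, 1340001900]),
    "c.pcap": make_pcap([1340002000, 1340002900]),
}

if __name__ == "__main__":
    wanted = select_captures(SAMPLE, 1340000800, 1340001200)
    for cmd in tcpdump_commands(wanted, "host 192.0.2.10 and port 80"):
        print(cmd)
```

The printed lines can be written to a file and passed to GNU parallel, which runs each line as one job.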