[Bro] Connection records in a database?

Christopher Jay Manders cjmanders at gmail.com
Fri Oct 3 09:26:21 PDT 2008


I have written a similar program in C. It imports over 2 million connection
log lines in just about 20 minutes. Other scripted methods, such as via
Perl, appear to take a bit more time, CPU and RAM, which is why I chose C.

It parses logs (conn.log only right now) from Bro and puts the contents into

The code is autoconf'ed, so you might want to give it a try. I also include
the SQL Table layout I used.

I have the code up here: https://sourceforge.net/projects/bro-tools/



On Fri, Oct 3, 2008 at 4:20 AM, Seth Hall <hall.692 at osu.edu> wrote:

> On Oct 3, 2008, at 3:06 AM, Stephen Chan wrote:
> > Seth Hall wrote:
> >>
> >> I'm going to get started on a C or C++ application soon that will use
> >> Broccoli to listen to some event which would be intended for database
> >> logging.
> > Hi Seth,
> >    I've got one written already, if you're interested I can send you
> > the source.
> Please!  I actually just wrote one which is getting close to working,
> but I'd be happy to see your implementation.
>   .Seth
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721