[Bro] Connection records in a database?
taosecurity at gmail.com
Sat Oct 4 13:22:13 PDT 2008
On Thu, Oct 2, 2008 at 4:18 PM, Randolph Reitz <rreitz at fnal.gov> wrote:
> I think time machine might be too much. Currently I'm thinking of
> saving a small time period - say a rolling week's worth of connections
> (or whatever fits). I've previously used splunk (http://www.splunk.com)
> to suck in connection records for later searches. This
> worked, however splunk introduced a delay in retrieval that caused
> problems formatting the notification email.
> Randy Reitz
Can you or anyone else add details on your experiences using Bro with
Splunk? I'm considering pairing the two.