[Bro] Connection records in a database?

Richard Bejtlich taosecurity at gmail.com
Sat Oct 4 13:22:13 PDT 2008

On Thu, Oct 2, 2008 at 4:18 PM, Randolph Reitz <rreitz at fnal.gov> wrote:

> I think time machine might be too much.  Currently I'm thinking of
> saving a small time period - say a rolling week's worth of connections
> (or whatever fits).  I've previously used splunk (http://www.splunk.com)
> to suck in connection records for later searches. This worked, however
> splunk introduced a delay in retrieval that caused problems formatting
> the notification email.
> Thanks,
> Randy Reitz
> Fermilab


Can you or anyone else add details on your experiences using Bro with
Splunk?  I'm considering pairing the two.

Thank you,


More information about the Bro mailing list