david.network.security at gmail.com
Thu Feb 10 23:56:47 PST 2011
I'm using 'nc' to see how BroIDS behaves. For now, it's not a problem of speed.
Maybe later... I want to use it in a 10Gbps network speed. Maybe
100Gbps in 1/2 years.
On Thu, Feb 10, 2011 at 3:54 PM, Neslog <neslog at gmail.com> wrote:
> Not sure within policy but you may want to try tcpreplay and set to
> generate the traffic at wire speed instead of disk I/O.
> On 2/10/11, David Rodrigues <david.network.security at gmail.com> wrote:
>> using @load file-flush (with a dash) worked :)
>> But now I'm running into another problem.
>> The signature is only triggered once for the same host and for a given
>> period of time.
>> Is there a way to report every single signature match?
>> On Wed, Feb 9, 2011 at 7:20 PM, Seth Hall <seth at icir.org> wrote:
>>> On Feb 9, 2011, at 1:14 PM, Neslog wrote:
>>>> How about the file_flush.bro? When I'm testing I load that one with a
>>>> short time interval.
>>> Good catch. I had a nagging feeling that I was missing something.
>>> Seth Hall
>>> International Computer Science Institute
>>> (Bro) because everyone has a network