[Bro] Encrypting bro logs before storing to disk

Seth Hall seth at icir.org
Tue Aug 13 09:06:33 PDT 2013

On Aug 13, 2013, at 11:22 AM, Robin Sommer <robin at icir.org> wrote:

> I believe even the encryption code itself is still in there, but
> afaict it hasn't been exercised in a while and it's kind of useless
> now that we have the new logging system which does things differently
> internally. 

I've been waiting for *just* the right moment to either implement encryption in the logging framework or get someone else to do it.  I'd like to approach it in a way where you could either encrypt entire logs, specific lines, or even individual fields.  We'd then just have to have the tooling on the log processing side that can understand this encryption and decrypt it.

Generally though, I think it's fine to remove the log encryption stuff from files and move it all over to the logging framework.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
