[Bro] Encrypting bro logs before storing to disk
seth at icir.org
Tue Aug 13 09:06:33 PDT 2013
On Aug 13, 2013, at 11:22 AM, Robin Sommer <robin at icir.org> wrote:
> I believe even the encryption code itself is still in there, but
> afaict it hasn't been exercised in a while and it's kind of useless
> now that we have the new logging system which does things differently
I've been waiting for *just* the right moment to either implement encryption in the logging framework or get someone else to do it. I'd like to approach it in a way where you could either encrypt entire logs, specific lines, or even individual fields. We'd then just have to have the tooling on the log processing side that can understand this encryption and decrypt it.
Generally though, I think it's fine to remove the log encryption stuff from files and move it all over to the logging framework.
International Computer Science Institute
(Bro) because everyone has a network