[Bro] Bro hanging on some sensors
seth at icir.org
Tue Jun 24 20:59:57 PDT 2014
On Jun 24, 2014, at 5:08 PM, Kellogg, Brian D (OLN) <bkellogg at dresser-rand.com> wrote:
> Can you point me in the direction to start looking at this myself? I'll see what I can dig around and find, thanks.
You can take a look at the base/frameworks/intel/input.bro script. Right now that creates all of the input streams at the same time which causes them all to start reading as fast as they can. It might make more sense (at the moment since we don't have a limiter mechanism on the input framework) to wait until one file is fully read before creating the next input stream.
That input.bro script is an incredibly basic script and it should be possible to create another script and keep it outside of the intel framework that uses the intel framework API to import intelligence data by a different mechanism.
International Computer Science Institute
(Bro) because everyone has a network
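The approach suggested in the reply above, sketched as an added example that is not part of the original post and is not the project's input.bro: a separate script that feeds the intel framework through `Intel::insert` but creates the next input stream only after the previous file has been read once. The module name `SerialIntel`, its `read_files` option and the stream-name prefix are hypothetical.

```bro
# Added example; SerialIntel and the names it defines are hypothetical.
@load base/frameworks/intel

module SerialIntel;

export {
	## Intel files to load, one stream at a time (hypothetical option).
	const read_files: vector of string = vector() &redef;
}

# Index of the next file in read_files that still needs a stream.
global next_idx: count = 0;
# Streams created here that have not yet finished their first read.
global pending: set[string];

event SerialIntel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::Item)
	{
	Intel::insert(item);
	}

function start_next()
	{
	if ( next_idx >= |read_files| )
		return;
	local f = read_files[next_idx];
	++next_idx;
	local stream_name = cat("serial-intel-", f);
	add pending[stream_name];
	Input::add_event([$source=f, $reader=Input::READER_ASCII,
	                  $mode=Input::REREAD, $name=stream_name,
	                  $fields=Intel::Item, $ev=SerialIntel::read_entry]);
	}

event Input::end_of_data(name: string, source: string)
	{
	# REREAD raises this on every re-read; only the first one advances the chain.
	if ( name !in pending )
		return;
	delete pending[name];
	start_next();
	}

event bro_init() &priority=5
	{
	# Same placement as the stock script: standalone or manager only.
	if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
		return;
	start_next();
	}
```

With this loaded, `Intel::read_files` should stay empty so the same files are not also read by the stock script. The chain advances only on `Input::end_of_data`, so a file that never finishes reading blocks the files after it.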