[Bro] CIF and Bro Integration

Tom OBrion hammadog at gmail.com
Wed Mar 26 19:08:22 PDT 2014


Well in looking at the DOC on the BRO site.   I must have a different
version of CIF causing the BRO plugin to format my feed differently.


On Wed, Mar 26, 2014 at 9:46 PM, Bernhard Amann
<bernhard at icsi.berkeley.edu>wrote:

> On Mar 26, 2014, at 6:14 PM, Jon Schipp <jonschipp at gmail.com> wrote:
> > I'm not so certain anymore ;)
> > It looks like you're right [1] that the mode is set to REREAD [1].
> > Though, I'm pretty sure that I've read in the documentation that a
> restart is required for the removal of items.
> > Maybe that was a mistake. Oh well.
> You are right about that. Even though reread supports the removal of items,
> the current way in which it is used in the intelligence framework does not
> seem to.
> I have to ask Seth why that is the case - it should be easy to change this.
> Bernhard
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro


Tom O'Brion
Twitter: @tobrion
Skype: TomOBrion
"Life is too short to spend time with people who suck the happy out of you."

[image: View Tom OBrion's profile on
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140326/be9b6911/attachment.html 

More information about the Bro mailing list