[Bro] CIF and Bro Integration
hammadog at gmail.com
Thu Mar 27 11:04:31 PDT 2014
Thanks all for assistance. The deal was my CIF instance was down a couple
levels and the bro plugin was not quite right. Once I updated everything
all was good.
In the process now, with some of Derek's guidance, to tweak my local.bro
and add some more good stuff.
On Wed, Mar 26, 2014 at 9:46 PM, Bernhard Amann
<bernhard at icsi.berkeley.edu> wrote:
> On Mar 26, 2014, at 6:14 PM, Jon Schipp <jonschipp at gmail.com> wrote:
> > I'm not so certain anymore ;)
> > It looks like you're right that the mode is set to REREAD.
> > Though, I'm pretty sure that I've read in the documentation that a
> > restart is required for the removal of items.
> > Maybe that was a mistake. Oh well.
> You are right about that. Even though reread supports the removal of items,
> the current way in which it is used in the intelligence framework does not
> seem to.
> I have to ask Seth why that is the case - it should be easy to change this.
"Life is too short to spend time with people who suck the happy out of you."