[Bro] Attributes and Ports Questions
robin at icir.org
Thu Oct 30 07:53:58 PDT 2014
have you seen this page?
It's pretty new (though maybe it's actually where your questions are
coming from :)
To add a bit to that:
On Tue, Oct 28, 2014 at 18:10 -0700, anthony kasza wrote:
This used to be the primary log rotation mechanism before we switched to
the new logging system/format. I've been wondering if we should just
remove these attributes.
> &synchronize (I think there was a post earlier last month about this one)
These are going to go away, but we aren't there yet. We may start
deprecating them with the next release, which is scheduled to ship
with a first version of their replacement, the new Broker library.
A bit of an obscure feature, originally added to toggle selected sets
of analysis dynamically from BroControl. Don't think that's used
anywhere and I'm inclined to remove it.
These aren't used very often, but can be useful in individual cases.
> &encrypt (applying this to a file causes Bro to "elegantly terminate" for me)
> bro -Ci eth0 -e 'global f1: file = open("f.out") &encrypt'
Another relict from old-style logging, although the new framework
doesn't have any equivalent functionality yet.
Mind filing a ticket for the crash? We should either fix it or remove
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin