[Bro] Attributes and Ports Questions
anthony.kasza at gmail.com
Thu Oct 30 08:44:00 PDT 2014
That page is exactly where my questions are coming from. I tried using each
of the attributes in a few toy scripts and was wondering if people are
using them in production as I could not find some of them used in base or
policy. Thanks for the insight, Robin.
On Oct 30, 2014 7:54 AM, "Robin Sommer" <robin at icir.org> wrote:
> Hi Anthony,
> have you seen this page?
> It's pretty new (though maybe it's actually where your questiosns are
> coming from :)
> To add a bit to that:
> On Tue, Oct 28, 2014 at 18:10 -0700, anthony kasza wrote:
> > &rotate_interval
> > &rotate_size
> This used to be primary log rotation mechanism before we switched to
> the new logging system/format. I've been wondering if we should just
> remove these attributes.
> > &mergeable
> > &synchronize (I think there was a post earlier last month about this one)
> > &persistent
> These are going to go away, but we aren't there yet. We may start
> deprecating them with the next release, which is scheduled to ship
> with a first version of their replacement, the new Broker library.
> > &group
> A bit of an obscure feature, originally added to toggle selected sets
> of analysis dynamically from BroControl. Don't think that's used
> anywhere and I'm inclined to remove it.
> > &add_func
> > &delete_func
> These aren't used very often, but can be useful in individual cases.
> > &encrypt (applying this to a file causes Bro to "elegantly terminate"
> for me)
> > bro -Ci eth0 -e 'global f1: file = open("f.out") &encrypt'
> Another relict from old-style logging, although the new framework
> doesn't have any equivalent functionality yet.
> Mind filing a ticket for the crash? We should either fix it or remove
> the attribute.
> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro