[Bro] BRO intel framework
seth at icir.org
Tue Apr 28 09:10:00 PDT 2015
> On Apr 28, 2015, at 3:39 AM, Giedrius Ramas <giedrius.ramas at gmail.com> wrote:
> How can I append data to /intel.dat? Can I just overwrite it by using the mv Linux command?
Yes, that’s the best option.
> Is it necessary to reload Bro once /intel.dat has changed?
Nope. Bro will pick up the changes automatically. If you are running on a cluster, it will pick them up on the manager and distribute them out to the workers. Also, the internal intelligence representation is accumulative. If you remove something from that file, Bro is still watching for it.
International Computer Science Institute
(Bro) because everyone has a network
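
The mv-based update discussed above, as an added example that is not part of the original message or of Bro itself: it builds the new file next to the old one and renames it into place, so a reader of the file sees either the old or the new version, never a partial one. The helper name `update_intel`, the paths, the 0644 mode and the indicator rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# update_intel INTEL_FILE NEW_ROWS_FILE   (hypothetical helper, not part of Bro)
# Appends tab-separated rows to a Bro intel file, then swaps the result into
# place with mv. NEW_ROWS_FILE holds data rows only, without a #fields header.
update_intel() {
    intel=$1
    new=$2
    # Temp file in the same directory, so mv is a rename and not a copy.
    tmp=$(mktemp "$(dirname "$intel")/.intel.XXXXXX") || return 1

    # Expected column count, taken from the existing "#fields" header.
    ncols=$(awk -F'\t' '/^#fields/ { print NF - 1; exit }' "$intel")
    if [ -z "$ncols" ]; then
        echo "update_intel: no #fields header in $intel" >&2
        rm -f "$tmp"
        return 1
    fi

    # Refuse the whole batch if any row has the wrong number of columns.
    if ! awk -F'\t' -v n="$ncols" 'NF != n { bad = 1 } END { exit bad }' "$new"; then
        echo "update_intel: malformed row in $new" >&2
        rm -f "$tmp"
        return 1
    fi

    # Existing lines first, then only those new rows not already present.
    awk 'NR == FNR { seen[$0] = 1; print; next } !seen[$0]++' "$intel" "$new" > "$tmp"

    chmod 0644 "$tmp"   # assumption: Bro reads the file as a different user
    mv "$tmp" "$intel"
}

# Constructed demo in a scratch directory (documentation-range indicator).
demo_dir=$(mktemp -d)
printf '#fields\tindicator\tindicator_type\tmeta.source\n' > "$demo_dir/intel.dat"
printf '192.0.2.10\tIntel::ADDR\tconstructed-feed\n' > "$demo_dir/new.dat"
update_intel "$demo_dir/intel.dat" "$demo_dir/new.dat" && cat "$demo_dir/intel.dat"
rm -rf "$demo_dir"
```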