[Bro] Bro connections v. NetFlow
seth at icir.org
Tue Aug 30 07:09:18 PDT 2016
> On Aug 25, 2016, at 6:16 AM, Alec Waters <Alec.Waters at dataline.co.uk> wrote:
> We set our routers to export flows after one minute if they’re still in progress (it’ll continue to send a flow export every minute until it’s complete). More info here:
The fun part about Bro is that it's a scripting language and we can do whatever we want! :)
Here's a script that I wrote in Broala a while ago that we're releasing under the BSD license.
I think I will need to do a bit more work on this to make it more like flow cutting, but at the very least it now makes active connections visible. Any feedback would be appreciated.
International Computer Science Institute
(Bro) because everyone has a network
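The one-minute active timeout described in the quoted message, modelled as an added Python example. It is not part of the original thread and is not the attached Bro script; the `FlowCache` class, the per-interval delta counters and the sample connection are assumptions made for illustration. It shows when a long-lived connection first becomes visible with interim exports compared with a record written only when the connection ends.

```python
from dataclasses import dataclass

ACTIVE_TIMEOUT = 60  # seconds: the one-minute interval from the quoted message

@dataclass
class Flow:
    last_export: float
    pkts: int = 0
    octets: int = 0

class FlowCache:
    """Hypothetical exporter model: interim records carry per-interval deltas."""
    def __init__(self, active_timeout=ACTIVE_TIMEOUT):
        self.active_timeout = active_timeout
        self.flows = {}
        self.exports = []  # (export_time, key, pkts, octets, reason)

    def _export(self, when, key, reason):
        f = self.flows[key]
        if f.pkts:  # nothing to report for an interval with no traffic
            self.exports.append((when, key, f.pkts, f.octets, reason))
        f.pkts = f.octets = 0
        f.last_export = when

    def packet(self, ts, key, size, fin=False):
        f = self.flows.setdefault(key, Flow(last_export=ts))
        # Cut the still-open flow once per elapsed timeout before counting this packet.
        while ts - f.last_export >= self.active_timeout:
            self._export(f.last_export + self.active_timeout, key, "active-timeout")
        f.pkts += 1
        f.octets += size
        if fin:  # connection finished: final record, then drop the state
            self._export(ts, key, "end")
            del self.flows[key]

def first_visible(exports, key, only_at_end=False):
    """Time the flow first shows up; only_at_end models logging at close only."""
    times = [t for t, k, _, _, why in exports
             if k == key and (why == "end" or not only_at_end)]
    return min(times) if times else None

def run_sample():
    # Constructed input: one 200-second connection, a 100-byte packet every 10 s.
    key = ("192.0.2.10", 40000, "198.51.100.5", 22, "tcp")
    cache = FlowCache()
    for ts in range(0, 201, 10):
        cache.packet(ts, key, 100, fin=(ts == 200))
    return key, cache.exports
```

Calling `run_sample()` and passing its result to `first_visible()` gives the two visibility times for the constructed connection.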