[Bro] Bro connections v. NetFlow
michalpurzynski1 at gmail.com
Tue Aug 30 09:44:35 PDT 2016
Have you tested it with loooots of connections? How hard is it on the memory and CPU?
> On 30 Aug 2016, at 16:09, Seth Hall <seth at icir.org> wrote:
>> On Aug 25, 2016, at 6:16 AM, Alec Waters <Alec.Waters at dataline.co.uk> wrote:
>> We set our routers to export flows after one minute if they’re still in progress (it’ll continue to send a flow export every minute until it’s complete). More info here:
> The fun part about Bro is that it's a scripting language and we can do whatever we want! :)
> Here's a script that I wrote in Broala a while ago that we're releasing under the BSD license.
> I think I will need to do a bit more work on this to make it more like flow cutting, but at the very least it now makes active connections visible. Any feedback would be appreciated.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network