[Bro] Two questions

Eugene Dautzenberg edautz at gmail.com
Fri Nov 18 00:57:28 PST 2016


Thanks for your reply. But I am looking for an alerting solution within the Bro framework based on triggered events.

Sent from my iPhone

> On 17 Nov 2016, at 19:40, erik clark <philosnef at gmail.com> wrote:
> There is a dirty way you can do it without TOO much effort. Grep your notice out of notice.log, store the conn_id in a flat file, iterate over it periodically. For any conn_id not in your flat file, process it, store the conn_id in the flat file, and continue. This way you can just run a grep driven script every X minutes to do this without much effort.
> On a big link, this just isn't going to work. You might be grepping a notice.log file hundreds of megs in size every X minutes, and that's just no bueno. If you have a small link... then that's different.
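The "process each notice once" loop Erik describes, as an added example that is not from the original thread or from Bro itself. It uses awk rather than a bare grep so the uid and note columns are located from the log's #fields header instead of hard-coded offsets, and it keeps the same flat file of already-handled uids. The notice.log rows, uids and temp-file paths are constructed for the demo.

```shell
#!/bin/sh
# Constructed sample notice.log in Bro's tab-separated ASCII format
# (a real notice.log has many more columns; only the ones used here are kept).
SAMPLE_NOTICE_LOG=$(mktemp)
row() { printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$@"; }
{
  printf '#separator \\x09\n'
  printf '#fields\tts\tuid\tid.orig_h\tid.resp_h\tnote\tmsg\n'
  row 1479400000.1 CXa1b2c3d4e5f6g7h8 10.0.0.5 192.0.2.10 SSL::Invalid_Server_Cert 'SSL certificate validation failed'
  row 1479400001.2 CXi9j0k1l2m3n4o5p6 10.0.0.7 192.0.2.11 Intel::Notice 'Intel hit on 192.0.2.11 at Conn::IN_RESP'
  row 1479400002.3 CXq7r8s9t0u1v2w3x4 10.0.0.9 192.0.2.12 SSL::Invalid_Server_Cert 'SSL certificate validation failed'
  row 1479400003.4 CXa1b2c3d4e5f6g7h8 10.0.0.5 192.0.2.10 SSL::Invalid_Server_Cert 'same connection, second notice'
} > "$SAMPLE_NOTICE_LOG"

# new_notice_uids LOG NOTE SEENFILE: print the uid of every NOTE notice in LOG whose
# uid is not yet in SEENFILE, and append each new uid to SEENFILE so the next run
# skips it. Exit status 2 means the log header has no uid or note column.
new_notice_uids() {
  awk -v want="$2" -v seenfile="$3" '
    BEGIN { FS = "\t"; while ((getline l < seenfile) > 0) seen[l] = 1; close(seenfile) }
    $1 == "#fields" { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
    /^#/ { next }                                   # #separator, #types, #close, ...
    !("uid" in col) || !("note" in col) { print "notice.log header lacks uid/note" > "/dev/stderr"; exit 2 }
    $(col["note"]) == want && !($(col["uid"]) in seen) {
      seen[$(col["uid"])] = 1                       # also dedups repeats within this run
      print $(col["uid"])                           # hand this uid to your alert handler
      print $(col["uid"]) >> seenfile               # remember it for the next run
    }
  ' "$1"
}

# Demo: the first pass reports two uids, the second pass reports none (already seen).
demo_seen=$(mktemp)
new_notice_uids "$SAMPLE_NOTICE_LOG" SSL::Invalid_Server_Cert "$demo_seen"
new_notice_uids "$SAMPLE_NOTICE_LOG" SSL::Invalid_Server_Cert "$demo_seen"
```

Run from cron every X minutes it still rescans the whole file each time, which is the large-link caveat raised above.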
