[Bro] bro_init asyncronicity problem

Sailio Mirko Mirko.Sailio at vtt.fi
Wed Feb 15 02:03:47 PST 2017


Hi

Does bro_init event stop before the other events are started? I have a init script, which removes some of ip addresses from monitoring, but am still getting detections for them (which is bad). :)
The datastructure is checked in "event new_connections()" for matches. The unwanted detection events only seems to happen in the very first moments after starting Bro, so I'm assuming that the problem occours because the rules are not yet in my datastructure, but could of course be wrong.

If bro_init does not (as default)  finish before other events are accepted, is there a way to force bro_init to finish first?

Thanks for any help,
Mirko

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170215/74a39a05/attachment.html 


More information about the Bro mailing list