[Bro] Bro Digest, Vol 135, Issue 3

David Florek dave.a.florek at gmail.com
Mon Jul 3 12:29:53 PDT 2017


Have you considered syslog?

> On Jul 3, 2017, at 3:00 PM, bro-request at bro.org wrote:
> 
> Send Bro mailing list submissions to
>    bro at bro.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> or, via email, send a message with subject or body 'help' to
>    bro-request at bro.org
> 
> You can reach the person managing the list at
>    bro-owner at bro.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Bro digest..."
> 
> 
> Today's Topics:
> 
>   1. Real-time reporting from multiple sensors to multiple
>      analysis points (Marcin Nawrocki)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 3 Jul 2017 12:51:39 +0200
> From: Marcin Nawrocki <marcin.nawrocki at fu-berlin.de>
> Subject: [Bro] Real-time reporting from multiple sensors to multiple
>    analysis points
> To: bro at bro.org
> Message-ID: <230078a0-adf3-61d1-52f7-ddd64df0f54a at fu-berlin.de>
> Content-Type: text/plain; charset=utf-8; format=flowed
> 
> Dear bro mailing list,
> 
> 
> I have a question regarding the configuration of bro and its real-time 
> reporting features.
> 
> Right now, I have two sensors (s1, s2), each running one bro node with 
> log files rotating every hour. After the rotation, I send the files from 
> each sensor to an analysis point (a1) via scp and perform my analysis steps.
> 
> My requirements changed now: I want to know what happens on the sensors 
> in almost real-time. How do I send reports from (s1,s2) with a max. 
> delay of 10 seconds to another analysis point (a2)? The reports can 
> still reach (a1) every hour to keep the load low. My intuition tells me 
> that a very low rotation interval and scp are not the best practice here.
> 
> 
> Regards,
> 
> Marcin Nawrocki


