[Bro-Dev] Unique connection ID for bro <-> logging framework

Gregor Maier gregor at icir.org
Mon Dec 13 11:29:41 PST 2010


>> b) the user supplies a "hostID", we can then add time and PID
>>    and hash all that together to get the instance ID, e.g.,
>>    md5(hostID + PID + gettimeofday())
> 
> I generally like this, and the hostID can be the peer_description.
> But I think we can hash into 64-bit instead and probably take a
> simpler hash function as well. And then we can just add the 64-bit
> counter to that value.

I'd prefer to keep the counter and the runID separate. E.g., by making
the runID n-bits and the counter 64-n bits and the OR-ing them together.

OTOH, I don't think we need to worry too much about wasting bytes by
using a say, 32 bit runID + 64 bit unique-ID. We now use ACSII for
logging, if we move to binary (and possibly compression), then this will
save *way* more memory than our ID will ever add.

(we could also just add the run-id once per log-file or log-group inside
a file, but might be too cumbersome)

cu
gregor
-- 
Gregor Maier                                             gregor at icir.org
Int. Computer Science Institute (ICSI)          gregor at icsi.berkeley.edu
1947 Center St., Ste. 600                    http://www.icir.org/gregor/
Berkeley, CA 94704
USA


More information about the bro-dev mailing list