[Bro-Dev] Unique connection ID for bro <-> logging framework
Gregor Maier
gregor at icir.org
Mon Dec 13 11:29:41 PST 2010
>> b) the user supplies a "hostID", we can then add time and PID
>> and hash all that together to get the instance ID, e.g.,
>> md5(hostID + PID + gettimeofday())
>
> I generally like this, and the hostID can be the peer_description.
> But I think we can hash into 64-bit instead and probably take a
> simpler hash function as well. And then we can just add the 64-bit
> counter to that value.
I'd prefer to keep the counter and the runID separate. E.g., by making
the runID n-bits and the counter 64-n bits and the OR-ing them together.
OTOH, I don't think we need to worry too much about wasting bytes by
using a say, 32 bit runID + 64 bit unique-ID. We now use ACSII for
logging, if we move to binary (and possibly compression), then this will
save *way* more memory than our ID will ever add.
(we could also just add the run-id once per log-file or log-group inside
a file, but might be too cumbersome)
cu
gregor
--
Gregor Maier gregor at icir.org
Int. Computer Science Institute (ICSI) gregor at icsi.berkeley.edu
1947 Center St., Ste. 600 http://www.icir.org/gregor/
Berkeley, CA 94704
USA
More information about the bro-dev
mailing list