[Bro-Dev] trace-summary question
Seth Hall
seth at icir.org
Mon Aug 8 07:33:43 PDT 2011
On Aug 8, 2011, at 1:04 AM, Robin Sommer wrote:
> That's what the part 'with a given summary' was aiming at: if you feed
> trace-summary a conn.log that already has that problme, there's
> nothing it can do about it. That's not saying there aren't ways to get
> the conn.log right in the first place. :)
My plan was to enable Gregor's ConnSize analyzer by default. Does it make sense to use the values acquired from that in place of the existing values?
>> , until it was unceremoniously dumped)
>
> Was it dumped, or is it just not moved over yet? I don't recall.
Not moved over yet. I didn't dump anything, it's all just waiting to regain it's status in the sun. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list