[Bro-Dev] [Bro-Commits] [git/trace-summary] fastpath: Teach trace-summary to parse Bro's new conn.log format (closes #520) (975204a)

Seth Hall seth at icir.org
Thu Jul 28 09:58:38 PDT 2011


On Jul 28, 2011, at 12:01 PM, Gregor Maier wrote:

> I don't know whether ConnSizeAnalyzer's output (number of IP bytes and 
> packets on the wire) can also be added to the new conn.log (Seth?). If 
> so, it might make sense to give trace-summary a flag to use those counters.


I still haven't done the ConnSizeAnalyzer integration where I want it yet.  Does it seem unreasonable to anyone to have that enabled mostly by default?  I think it's useful enough that it would be enabled nearly all the time anyway.

I want/need to integrate it into the SSH analysis and Conn analysis at the very least.  If we have the ConnSizeAnalyzer enabled "by default" then I'll add the fields to the core conn scripts, otherwise it will be an extension script (I'd rather have it in the core script support).

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



