[Bro-Dev] [Bro-Commits] [git/bro] topic/robin/conn-ids: Extending conn_id with a globally unique identifiers. (881071c)

Seth Hall seth at icir.org
Wed Mar 16 09:02:30 PDT 2011


On Mar 16, 2011, at 11:25 AM, Robin Sommer wrote:

>> I suppose it would make comparison operators take a bit longer.
> 
> Haven't thought about that but could we now change them to use the new
> uid?

I guess direct comparisons aren't really done that frequently, but table and set lookups are done all the time. Would it affect table and set lookups to have the extra string to compare? It shouldn't affect lookup time much (or any), should it?

> That's exactly why for now I went with the conn_id. That way, whoever
> logs the id, will automatically log the unique string as well, which
> is neat.


It also gives us the option for changing the default filter to remove either the 4-tuple or the unique string so that sites could choose globally what shows up in their logs if they are just running the default filters.

 .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



