[Bro-Dev] conn.bro
Seth Hall
seth at icir.org
Tue May 3 11:47:56 PDT 2011
On May 2, 2011, at 6:43 PM, Robin Sommer wrote:
> - ts: I'd prefer to keep this the timestamp of the first packet,
> that's more well defined.
Isn't that what c$start_time is?
> - Did we decide whether we want to add the raw byte volume via
> Gregor's patch? I'd say so. I'll see that that gets merged in.
This isn't merged yet then? If not, I'll add it once it's merged.
> - I'd say let's include history by default, but not addl.
Done.
> - "logging" isn't used.
Removed. I think I want to handle that more generically since the splitting and filtering is the same for all log files now.
> - Rename "connection$log" to "connection$conn" for consistency?
Agreed and done.
This script was much faster to update than the dns script. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/