[Bro-Dev] Proposed IOSource reorg

Seth Hall seth at icir.org
Wed Dec 4 08:12:58 PST 2013


On Dec 3, 2013, at 1:07 PM, Robin Sommer <robin at icir.org> wrote:

>    src/iosource/sources/flow-src/*

To document our conversation from yesterday, flow-src should probably be thrown out and the netflow analyzer turned into a file analyzer.  Extending the input framework to be able to open raw sockets would then enable us to create an input stream holding open a datagram socket and attach the netflow file analyzer to it.  This would simplify the whole thing and make it possible to reuse the netflow analyzer code because we could yank netflow directly off the wire with it too (pending some analyzer infrastructure re-architecting).

  .Seth 

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20131204/c3ba09b0/attachment.bin 


More information about the bro-dev mailing list