[Bro-Dev] Proposed IOSource reorg
seth at icir.org
Wed Dec 4 08:12:58 PST 2013
On Dec 3, 2013, at 1:07 PM, Robin Sommer <robin at icir.org> wrote:
To document our conversation from yesterday, flow-src should probably be thrown out and the netflow analyzer turned into a file analyzer. Extending the input framework to be able to open raw sockets would then enable us to create an input stream holding open a datagram socket and attach the netflow file analyzer to it. This would simplify the whole thing and make it possible to reuse the netflow analyzer code because we could yank netflow directly off the wire with it too (pending some analyzer infrastructure re-architecting).
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20131204/c3ba09b0/attachment.bin
More information about the bro-dev