[Bro-Dev] [JIRA] (BIT-985) 'tail -f' functionality for file reading in input framework

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Fri Apr 17 11:27:00 PDT 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20314#comment-20314 ] 

Johanna Amann commented on BIT-985:

Branch topic/johanna/bit0985 adds seeking functionality to raw reader.

One can now add an option "offset" to the config map. Positive offsets are interpreted to be from the beginning of the file, negative from the end of the file (-1 is end of file).

Only works for raw reader in streaming or manual mode. Does not work with executables.

Scott, could you perhaps add a separate bug for your ring-buffer changes if you want to get them into mainline Bro? (They will not make it into 2.4 though).

> 'tail -f' functionality for file reading in input framework
> -----------------------------------------------------------
>                 Key: BIT-985
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-985
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: scampbell
>            Assignee: Johanna Amann
>            Priority: Low
>             Fix For: 2.4
>         Attachments: input.diff, PATCH
> With the current input framework, file data -> event translation requires that the entire data file be read at bro start time.  This can be prohibitive when the file sizes become large ( > 1GB ).
> It would be great to see a file open option that would start reading at the end of the file.
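
A sketch of how the "offset" option described in the comment above could be used from a script to follow a large file from its end. This is an added example, not code from the branch or from the original message; the file path, stream name and event name are hypothetical, and it assumes the option is passed as a string value in the stream's config table like other reader options.

```bro
# Added example: follow a large log with the raw reader, starting at the
# current end of the file instead of replaying it all at startup.
# The path, stream name and event name are hypothetical.

type Val: record {
	s: string;
};

# With $want_record=F the raw reader hands each line over as a plain string.
event tail_line(description: Input::EventDescription, tpe: Input::Event, s: string)
	{
	print fmt("new line from %s: %s", description$source, s);
	}

event bro_init()
	{
	# Reader options are string-to-string. "-1" is end of file, as stated
	# in the comment above; a positive value counts from the beginning.
	local cfg: table[string] of string = {
		["offset"] = "-1",
	};

	# The option only applies to the raw reader in streaming or manual
	# mode, so use Input::STREAM here and a file, not an executable.
	Input::add_event([$source="/var/log/example/large.log",
	                  $name="tail-large-log",
	                  $reader=Input::READER_RAW,
	                  $mode=Input::STREAM,
	                  $config=cfg,
	                  $fields=Val,
	                  $want_record=F,
	                  $ev=tail_line]);
	}
```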
