[Bro-Dev] [JIRA] (BIT-985) 'tail -f' functionality for file reading in input framework
Johanna Amann (JIRA)
jira at bro-tracker.atlassian.net
Tue Mar 17 15:45:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20015#comment-20015 ]
Johanna Amann commented on BIT-985:
-----------------------------------
Thanks for the new patch. Cursory looking at it, it seems that this patch changes a lot of functionality in the Raw reader that seems to have nothing to do with skipping parts of the input file.
Can you perhaps just sketch what else this patch changes? It seems to change something about how the buffering is done in the raw reader, but I am not quite sure what all this does on a first glance.
> 'tail -f' functionality for file reading in input framework
> -----------------------------------------------------------
>
> Key: BIT-985
> URL: https://bro-tracker.atlassian.net/browse/BIT-985
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: scampbell
> Assignee: Johanna Amann
> Priority: Low
> Fix For: 2.4
>
> Attachments: input.diff, PATCH
>
>
> With the current input framework, file data \-> event translation requires that the entire data file be read at bro start time. This can be prohibitive when the file sizes become large ( > 1GB ).
> It would be great to see a file open option that would start reading at the end of the file.
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
More information about the bro-dev
mailing list