[Bro-Dev] Broker data layouts

Robin Sommer robin at corelight.com
Thu Aug 23 08:31:02 PDT 2018



On Thu, Aug 23, 2018 at 15:32 +0200, Dominik Charousset wrote:

> Does that mean I need to receive the LogCreate event first to
> understand successive LogWrite events?

I don't really see a way around that without substantially increasing
volume. We could send LogCreate updates regularly, so that it's easier
to synchronize with an ongoing stream.

Robin

-- 
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com

