[Bro] Bro's evolutions

Jean-Philippe Luiggi jp.luiggi at free.fr
Tue Sep 5 11:59:14 PDT 2006


Hello All,

Several things :  

While i just sent a mail to Vern last week asking about the
availability of the svn repository, i too agree with Christian,
this access can bring its batch of problems so ...

Another subject we spoke a few months ago (if not a year) : "Netflow"
Let's imagine we would like having this used in "Bro", how doing this ?

There're at least severals solutions :

- Getting Netflow's flows coming directly inside Bro (turning it to be
something likes a collector as flow-tools, nfcapd, etc.)
 
- Use an external collector as one of those about which i speak above 
and let Bro getting informations from the data.

In security, i like the principle of unicity so the second approach is
better for me (an IDS is an IDS, not a Netflow's collector). 

So any advices, comments...

Thank you.

Best regards.






More information about the Bro mailing list