[Bro] Using Broccoli to config Bro agents remotely
Christian Kreibich
christian at whoop.org
Wed Apr 4 17:42:18 PDT 2007
Hi there,
apologies for the slow reply.
On Sun, 2007-03-25 at 11:09 +0700, Nguoi Khong Mang Ho wrote:
> Hi all,
>
> Do you ever use Broccoli to config, register or implement your own
> event handlers on remote Bro agents from the central one? Is there any
> docs or experiences on doing that?
I'm not sure I understand, sorry, but I'll try to answer by pointing out
a few related things that we currently can(not) do:
- First, if you are looking at Bro-Bro communication, then Broccoli is
not of interest. Broccoli is used when you want to make a *non-Bro*
entity talk to Bro. Broccoli also currently doesn't know how to
serialize policy code (since non-Bro endpoints trypically won't know
what to do with them).
- You can currently *full* configuration dumps of a Bro node and
transfer this policy configuration + run-time state to another node. If
this is what you want, then let us know and we'll clarify.
- You can not transfer policy code at the granularity of individual
event handlers. While we can serialize them, the bit of infrastructure
required to patch in such bits of code dynamically isn't currently there
(unless I'm missing recent developments).
Hope that helps.
Cheers,
Christian
--
________________________________________________________________________
http://www.icir.org/christian
http://www.whoop.org
More information about the Bro
mailing list