[Bro] Connection records in a database?
mel
mel at hackinthebox.org
Fri Oct 3 23:53:14 PDT 2008
Seth Hall wrote:
>> My first shot will be to write a simple python process that tails the
>> conn.* log file and inserts records. I'm wondering if there is a more
>> elegant way to collect and insert connection records?
I have something[1] similar, written late last year, which parses Bro
logs and inserts the data into PostgreSQL[2]. I also have an extremely
alpha version of the web frontend, written in PHP with the Symfony framework.
I stopped working on it (due to work commitments, mainly) after realizing
that the best way to do it is by using Broccoli - which up until now I
haven't got around to doing.
> I'm going to get started on a C or C++ application soon that will use
> Broccoli to listen to some event which would be intended for database
> logging. You would have to run a Bro script that would throw the
> database logging event for each connection, but that should be fairly
> easy to write. We'll see how far I make it with that. :)
Keep us updated!
> Seth Hall
--mel
[1] http://security.org.my/brologs2db.rb
[2] http://security.org.my/brodb.sql.txt