[Bro] Connection records in a database?
Richard Bejtlich
taosecurity at gmail.com
Sat Oct 4 13:22:13 PDT 2008
On Thu, Oct 2, 2008 at 4:18 PM, Randolph Reitz <rreitz at fnal.gov> wrote:
> I think time machine might be too much. Currently I'm thinking of
> saving a small time period - say a rolling week's worth of connections
> (or whatever fits). I've previously used splunk
> (http://www.splunk.com) to suck in connection records for later searches. This
> worked, however splunk introduced a delay in retrieval that caused
> problems formatting the notification email.
>
> Thanks,
> Randy Reitz
> Fermilab
Randy,
Can you or anyone else add details on your experiences using Bro with
Splunk? I'm considering pairing the two.
Thank you,
Richard