[Bro] BRO and SQL

Justin Azoff JAzoff at albany.edu
Mon Oct 29 10:08:55 PDT 2012


On Fri, Oct 26, 2012 at 04:04:58PM -0700, Jim Mellander wrote:
> Resurrecting an old thread.
> 
> Seth's information on "broctl update", reproduced below has proven useful to us
> when changing const variables (sounds like a contradiction!), such as
> maintanance of whitelists or blacklists, without restarting bro.  I've been
> thinking about some use cases of redef'ing consts, where I would like to cook
> the data in the consts.  This I typically do with a bro_init event handler when
> bro starts up.  Is there some way to trigger an event when these updates occur,
> so that the updated variable can be recooked?
> 
> Thanks in advance

Have you looked at all nto the Input Framework?

http://blog.bro-ids.org/2012/06/upcoming-loading-data-into-bro-with.html


-- 
-- Justin Azoff
-- Network Security & Performance Analyst



More information about the Bro mailing list