[Bro] Encrypting bro logs before storing to disk
Robin Sommer
robin at icir.org
Tue Aug 13 08:22:37 PDT 2013
On Thu, Aug 08, 2013 at 20:34 +0000, Jonathan Siwek wrote:
> the C++ land) sounds like it would work. And if the encryption
> behavior were made toggle-able (possibly via some script-land
> variables that could be set/redef'd), that would make a patch to do
> such a thing more acceptable.
Still wanted to chime in here: having that as an option would indeed
be quite nice.
Actually Bro used to have that functionality, and we still have
left-overs from that in the code, e.g., in scripts/base/init-bare.bro:

    ## Deprecated.
    const log_encryption_key = "<undefined>" &redef;

I believe even the encryption code itself is still in there, but
afaict it hasn't been exercised in a while and it's kind of useless
now that we have the new logging system which does things differently
internally.
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin