[Bro] connection_status_update for inactive flows

David Mandelberg dmandelb at bbn.com
Mon Feb 4 11:02:49 PST 2013


On Sat, 2013-02-02 at 12:27 -0800, Robin Sommer wrote:
> 
> On Fri, Feb 01, 2013 at 19:04 -0500, you wrote:
> 
> > Does the event connection_status_update fire periodically for inactive
> > flows that haven't timed out yet, or just for flows that were active
> > since the last connection_status_update event?
> 
> The former, activity doesn't matter.

Thanks!

One more question: What's the best way for a script to handle
connection_status_update_interval? Would it offend site administrators
or other script authors for my script to redef it to a value that works
for that script? Should I just add a comment saying something like "Site
administrators should redef connection_status_update_interval to an
appropriate value, given these considerations about what values are
appropriate?"



