[Bro] connection_status_update for inactive flows

Seth Hall seth at icir.org
Mon Feb 4 12:56:47 PST 2013


On Feb 4, 2013, at 3:46 PM, David Mandelberg <dmandelb at bbn.com> wrote:

> With a bit of modification, I think so. Would the connection object be
> updated with new data (duration, sizes, etc.) each time
> MyModule::regular_check is called?


Yes.  The same goes for the approach Jon mentioned.  I forgot that he had abstracted that notion even further. :)

You're much less likely to step on someone's toes by making a script work this way, at least, and internally it's basically doing the same thing, but you get more script-land flexibility with the approaches Jon and I mentioned.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




