[Bro] Bro and filesystem data on a host (UNCLASSIFIED)
Seth Hall
seth at icir.org
Wed Feb 27 08:52:27 PST 2013
On Feb 27, 2013, at 11:45 AM, "Fair, Charles A SSG USARMY NG NGB ARNG PEC (US)" <charles.a.fair2.mil at mail.mil> wrote:
> We spoke at the 2012 Bro Exchange about how Bro can be used on a filesystem of a host or such, brain a bit fuzzy this early in the morning at 10:36 :) Could you expand on the topic a bit/point me in the right direction?
How are you looking to use it? We have the input framework in 2.1 for reading from inputs that we have plugins for (essentially only Bro logs and text files right now). We may have quite a bit more functionality regarding that in 2.2.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list