[Bro] CIF and Bro Integration
Tom OBrion
hammadog at gmail.com
Thu Mar 27 11:04:31 PDT 2014
Thanks all for assistance. The deal was my CIF instance was down a couple
levels and the bro plugin was not quite right. Once I updated everything
all was good.
In the process now, with some of Derek's guidance, to tweak my local.bro
and add some more good stuff.
Thanks again!
Tom
On Wed, Mar 26, 2014 at 9:46 PM, Bernhard Amann
<bernhard at icsi.berkeley.edu>wrote:
>
> On Mar 26, 2014, at 6:14 PM, Jon Schipp <jonschipp at gmail.com> wrote:
>
> > I'm not so certain anymore ;)
> > It looks like you're right [1] that the mode is set to REREAD [1].
> > Though, I'm pretty sure that I've read in the documentation that a
> restart is required for the removal of items.
> > Maybe that was a mistake. Oh well.
>
> You are right about that. Even though reread supports the removal of items,
> the current way in which it is used in the intelligence framework does not
> seem to.
>
> I have to ask Seth why that is the case - it should be easy to change this.
>
> Bernhard
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
--
Tom O'Brion
Twitter: @tobrion
Skype: TomOBrion
"Life is too short to spend time with people who suck the happy out of you."
[image: View Tom OBrion's profile on
LinkedIn]<http://www.linkedin.com/in/tomobrion>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140327/dceff6c0/attachment.html
More information about the Bro
mailing list