[Bro] "hash-all-files", er, doesn't?
Glenn Forbes Fleming Larratt
gl89 at cornell.edu
Fri Nov 21 08:42:53 PST 2014
--
Glenn Forbes Fleming Larratt
Cornell University IT Security Office
On Fri, 21 Nov 2014, Seth Hall wrote:
>
> Did you run the "install" command in BroControl? Running the install
> command will essentially stage any changes that you've made to scripts
> so that the next time things start up they are running the changes
> you've made. You can imagine if the install command wasn't there it
> could be bad in the event that something crashed and was restarted while
> you were changing a script and the one process started running your
> changes or your script had a syntax error and the process couldn't even
> start up.
I did - my process for rule changes goes:
broctl check manager proxy{rnd} bro{rnd}-{rnd}
broctl install
broctl restart
> That script should already be loaded by local.bro too so I'm actually
> kind of surprised that it wasn't already working? The result is that
> out of the box, Bro should be doing MD5 and SHA1 hashes by default when
> run with BroControl.
A previous maintainer had commented out hash-all-files for performance
reasons.
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
More information about the Bro
mailing list