[Bro] Cluster state synchronization

Damian Gerow damian.gerow at shopify.com
Wed Oct 8 06:25:07 PDT 2014


On Tue, Oct 7, 2014 at 12:51 PM, Seth Hall <seth at icir.org> wrote:

> Is this a script that you wrote locally or are you using the Broala
> script?
>
> https://github.com/broala/bro-snippets/blob/master/intel-dns.bro
> (this script works like it sounds like yours does, but it uses data
> you have fed into the intel framework)

It's a script that I inherited, originally written locally (I believe).  It
is quite similar to the Broala script, but we're not using the intel
framework.

> If you're curious about your script though, post it somewhere and someone
> can take a look. :)

A shortened version of the script I'm using for testing is at
https://gist.github.com/mutemule/a36f49b16db51eccd159.  If I move the 'add'
commands into their own functions, and then prioritize the 'add_' over the
'is_' functions, would that be a reasonable way to ensure my sets are
updated before being used for lookups?  I'm already planning to migrate
some of our stuff over to Intel, but I'm not quite there yet.