[Bro] Cluster state synchronization

Damian Gerow damian.gerow at shopify.com
Wed Oct 8 08:15:27 PDT 2014


On Wed, Oct 8, 2014 at 10:19 AM, Seth Hall <seth at icir.org> wrote:

> > A shortened version of the script I'm using for testing is at
> https://gist.github.com/mutemule/a36f49b16db51eccd159.  If I move the
> 'add' commands into their own functions, and then prioritize the 'add_'
> over the 'is_' functions, would that be a reasonable way to ensure my sets
> are updated before being used for lookups?  I'm already planning to migrate
> some of our stuff over to Intel, but I'm not quite there yet.
>
> Oh, nice.  I like the idea behind that script.  I think I understand the
> rationale behind it too.
>
> I made some updates to your script (also attached to the email)...
>
> http://try.bro.org/#/trybro/saved/d1269a5c-4099-4f55-aed9-82f59fc9e3dd


Thanks!  That's the first step in my cleanup done.  ;)

But I don't see much of a difference between these scripts, as it relates
to my problem with the timeliness of set updates.  Is there anything in
particular you've done that might result in sets being updated before being
referenced for lookups?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141008/e2f6efb3/attachment.html 


More information about the Bro mailing list