[Bro] Attributes and Ports Questions
Robin Sommer
robin at icir.org
Thu Oct 30 07:53:58 PDT 2014
Hi Anthony,
have you seen this page?
https://www.bro.org/sphinx-git/script-reference/attributes.html
It's pretty new (though maybe it's actually where your questiosns are
coming from :)
To add a bit to that:
On Tue, Oct 28, 2014 at 18:10 -0700, anthony kasza wrote:
> &rotate_interval
> &rotate_size
This used to be primary log rotation mechanism before we switched to
the new logging system/format. I've been wondering if we should just
remove these attributes.
> &mergeable
> &synchronize (I think there was a post earlier last month about this one)
> &persistent
These are going to go away, but we aren't there yet. We may start
deprecating them with the next release, which is scheduled to ship
with a first version of their replacement, the new Broker library.
> &group
A bit of an obscure feature, originally added to toggle selected sets
of analysis dynamically from BroControl. Don't think that's used
anywhere and I'm inclined to remove it.
> &add_func
> &delete_func
These aren't used very often, but can be useful in individual cases.
> &encrypt (applying this to a file causes Bro to "elegantly terminate" for me)
> bro -Ci eth0 -e 'global f1: file = open("f.out") &encrypt'
Another relict from old-style logging, although the new framework
doesn't have any equivalent functionality yet.
Mind filing a ticket for the crash? We should either fix it or remove
the attribute.
Robin
--
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
More information about the Bro
mailing list