[Bro] connecting to bro with broccoli

Seth Hall seth at icir.org
Tue Sep 2 06:12:48 PDT 2014


On Sep 2, 2014, at 4:38 AM, daniel nagar <dngr7512 at gmail.com> wrote:

>> Why are you sending so much data by the way?  You may have approached the problem with a suboptimal design
> 
> I'm extracting information about HTTP requests/responses going through the network and I'm using an external database to save some of that data, so I couldn't just use Bro scripting, so using Broccoli was a nice solution at that time.

Ah.  You could write a logging writer.  We do have an SQLite writer already and there is a PostgreSQL writer in the pipeline.  Alternately, you could write to a log on disk and then have some other process read that file in and pass it to the database.

>> There is already a major overhaul of Bro's communication system underway
> 
> Is there a place I can find more information about that?

Not really yet.  It's in the early implementation phase still and there is no timeline on when it will be functional yet.

> Another problem I had is that I tried upgrading to Bro 2.3 but I couldn't receive any event through Broccoli like I was receiving with Bro 2.2, no matter what configuration I was using on the bro client side. Should I have enabled it on the Bro side somehow?

Are you positive that you're running all of the same scripts that you were and that you're using Broccoli from Bro 2.3?  I'm not sure off the top of my head if there were any compatibility changes between the two releases or not, but it's certainly possible.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
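
The log-on-disk alternative suggested in the reply above, sketched as an added example that is not part of the original message or of Bro itself: a separate process parses Bro's ASCII http.log and inserts the records into a database. The sample log is constructed, the column subset is an assumption, and the names `parse_bro_log`, `load_into_db` and the `http` table are hypothetical.

```python
import sqlite3

# Constructed sample in Bro's ASCII log layout (a real http.log has more columns).
SAMPLE_HTTP_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\thttp
#fields\tts\tuid\tid.orig_h\tid.resp_h\tmethod\thost\turi\tstatus_code
#types\ttime\tstring\taddr\taddr\tstring\tstring\tstring\tcount
1409662368.120000\tCXWv6p3arKYeMETxOg\t10.0.0.5\t192.0.2.10\tGET\texample.com\t/index.html\t200
1409662369.450000\tCq1ZbA2FvYxHk0k3Pd\t10.0.0.7\t192.0.2.10\tPOST\texample.com\t/login?u=a'b\t-
#close\t2014-09-02-06-13-00
"""
# Assumed subset of http.log fields to store, in table column order.
COLUMNS = ["ts", "uid", "id.orig_h", "id.resp_h", "method", "host", "uri", "status_code"]

def parse_bro_log(text):
    """Yield one dict per record, driven by the log's own header lines."""
    sep, unset, fields = "\t", "-", []
    for line in text.splitlines():
        if line.startswith("#separator "):
            # The separator is written as an escape sequence such as \x09.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *vals = line[1:].split(sep)
            if key == "unset_field":
                unset = vals[0]
            elif key == "fields":
                fields = vals
        elif line:
            vals = line.split(sep)
            if len(vals) != len(fields):
                continue  # partial line, e.g. Bro was still writing it
            yield {f: (None if v == unset else v) for f, v in zip(fields, vals)}

def load_into_db(conn, records):
    """Insert records; returns how many were read from the log."""
    conn.execute("CREATE TABLE IF NOT EXISTS http (ts REAL, uid TEXT, orig_h TEXT,"
                 " resp_h TEXT, method TEXT, host TEXT, uri TEXT,"
                 " status_code INTEGER, UNIQUE(uid, ts))")
    rows = [tuple(r.get(c) for c in COLUMNS) for r in records]
    # Bound parameters only: host and URI are attacker-controlled strings.
    # OR IGNORE plus UNIQUE(uid, ts) makes re-reading the same file harmless.
    conn.executemany("INSERT OR IGNORE INTO http VALUES (?,?,?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows)

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_into_db(db, parse_bro_log(SAMPLE_HTTP_LOG)), "records read")
```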
