[Bro] delayed bro operation
Frank Meier
franky.meier.1 at gmx.de
Mon Apr 27 00:29:43 PDT 2015
Hi.
On Fr, Apr 24, 2015 at 4:23 , Seth Hall <seth at icir.org> wrote:
>
>> On Apr 24, 2015, at 5:16 AM, Frank Meier <franky.meier.1 at gmx.de>
>> wrote:
>>
>> A policy forces me to run bro in a separate network. So the
>> captured PCAPs are
>> transferred to the bro network for logging purposes. How would I
>> handle delays
>> in feeding bro with the PCAPS? Would connections spanning multiple
>> PCAPs be a
>> problem?
>
> This is a problem that PacketBricks[1] will be able to solve
> eventually. It’s not there yet, but eventually you’ll be able to
> create a load balancing architecture with persistent
> Bro/Snort/Suricata/etc processes and tell PacketBricks to read PCAPs
> as you get them in place (and, yes, I did just say clustered PCAP
> processing!). Unfortunately this scenario is not quite ready in
> PacketBricks.
>
Thanks, I will have a look into that!
Franky