[Bro] Broker - File Extraction

Seth Hall seth at icir.org
Wed Aug 12 07:00:29 PDT 2015


> On Aug 12, 2015, at 12:13 AM, anthony kasza <anthony.kasza at gmail.com> wrote:
> 
> I was doing some reading on broker and came across the remote logging section of the documentation. This seems very useful.
> Is there a mechanism for remote file extraction? I think it would be useful to be able to extract files to a remote system instead of a local directory. Is this possible with broker?

Adding to what Jon said, this was something he and I discussed a lot while the files framework was being developed.  I suspect that at some point it will be added as a supported feature in Bro, but there are so many edge cases to how this needs to be handled that it wasn’t quite an immediately obvious feature to implement, so we skipped it initially.

My aim for it is to be able to extract BitTorrent transfers on clusters.  That’s super complicated and will take some time, unfortunately, but we have continued laying the groundwork for it.  For instance, full file reassembly went into Bro 2.4, which was a requirement for actually doing this correctly.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



