[Bro] Bro connections v. NetFlow

Seth Hall seth at icir.org
Tue Aug 30 07:09:18 PDT 2016


> On Aug 25, 2016, at 6:16 AM, Alec Waters <Alec.Waters at dataline.co.uk> wrote:
> 
> We set our routers to export flows after one minute if they’re still in progress (it’ll continue to send a flow export every minute until it’s complete). More info here:

The fun part about Bro is that it's a scripting language and we can do whatever we want! :)

Here's a script that I wrote in Broala a while ago that we're releasing under the BSD license.
	https://github.com/broala/bro-long-connections

I think I will need to do a bit more work on this to make it more like flow cutting, but at the very least it now makes active connections visible.  Any feedback would be appreciated.

Thanks!
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
