[Bro] Bro connections v. NetFlow
Michał Purzyński
michalpurzynski1 at gmail.com
Tue Aug 30 09:44:35 PDT 2016
Have you tested it with loooots of connections? How hard it is on the memory and CPU?
> On 30 Aug 2016, at 16:09, Seth Hall <seth at icir.org> wrote:
>
>
>> On Aug 25, 2016, at 6:16 AM, Alec Waters <Alec.Waters at dataline.co.uk> wrote:
>>
>> We set our routers to export flows after one minute if they’re still in progress (it’ll continue to send a flow export every minute until it’s complete). More info here:
> �
> The fun part about Bro is that it's a scripting language and we can do whatever we want! :)
>
> Here's a script that I wrote in Broala a while ago that we're releasing under the BSD license.
> https://github.com/broala/bro-long-connections
>
> I think I will need to do a bit more work on this to make it more like flow cutting, but at the very least it now makes active connections visible. Any feedback would be appreciated.
>
> Thanks!
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list