[Bro] Two questions

erik clark philosnef at gmail.com
Thu Nov 17 10:40:26 PST 2016


There is a dirty way you can do it without TOO much effort. Grep your
notice out of notice.log, store the conn_id in a flat file, iterate over it
periodically. For any conn_id not in your flat file, process it, store the
conn_id in the flat file, and continue. This way you can just run a grep
driven script every X minutes to do this without much effort.

On a big link, this just isn't going to work. You might be grepping a
notice.log file hundreds of megs in size every X minutes, and that's just no
bueno. If you have a small link... then that's different.
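The grep-driven pass described in the post, written out as an added example (this is not the poster's script). It assumes notice.log is tab-separated with a `#fields` header whose columns 3 to 6 are `id.orig_h`, `id.orig_p`, `id.resp_h` and `id.resp_p` (the members of a conn_id), and the sample log lines it builds are constructed, not real Bro output:

```shell
#!/bin/sh
# Added example, not the poster's script: scan notice.log with grep, keep the
# conn_id four-tuples already handled in a flat "seen" file, and emit only the
# ones not seen before.  Assumed layout: tab-separated notice.log with a
# '#fields' header, columns 3-6 = id.orig_h id.orig_p id.resp_h id.resp_p.

# Write a constructed notice.log to the path in $1 (sample data, not real
# Bro output).  Two of the SSH lines share one conn_id on purpose.
make_sample_log() {
    {
        printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tnote\tmsg\n'
        printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
            1479408000.1 CAbc1 10.0.0.5 51234 192.0.2.10 22 SSH::Password_Guessing constructed
        printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
            1479408001.2 CDef2 10.0.0.7 40000 192.0.2.20 80 HTTP::Suspicious constructed
        printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
            1479408002.3 CAbc1 10.0.0.5 51234 192.0.2.10 22 SSH::Password_Guessing constructed
        printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
            1479408003.4 CGhi3 10.0.0.9 33000 192.0.2.10 22 SSH::Password_Guessing constructed
    } > "$1"
}

# Print the conn_id key (orig_h:orig_p:resp_h:resp_p) of every non-comment
# line of the log in $1 that matches the grep pattern in $2 (e.g. a notice
# type such as 'SSH::').
notice_keys() {
    grep -v '^#' "$1" | grep -- "$2" |
        awk -F '\t' '{ print $3 ":" $4 ":" $5 ":" $6 }'
}

# Emit keys from log $1 matching pattern $2 that are not yet in the seen
# file $3, and append them there so the next run skips them.  The output is
# what a cron job would hand to its real processing step.
process_new() {
    log="$1"; pattern="$2"; seen="$3"
    touch "$seen"
    sorted_seen=$(mktemp)
    new_keys=$(mktemp)
    sort -u "$seen" > "$sorted_seen"
    # comm -23 keeps lines present only in the first (sorted) input
    notice_keys "$log" "$pattern" | sort -u | comm -23 - "$sorted_seen" > "$new_keys"
    cat "$new_keys" >> "$seen"
    cat "$new_keys"
    rm -f "$sorted_seen" "$new_keys"
}
```

Run `process_new /path/to/notice.log 'SSH::' /var/tmp/ssh_seen.txt` from cron every X minutes and pipe its output into whatever handles the notice. Every run re-reads the whole notice.log, which is exactly the cost the post warns about on a big link, and the seen file grows by one line per new conn_id until you rotate it.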