[Bro] Bro Digest, Vol 127, Issue 46

John Edwards jedwards2728 at gmail.com
Mon Nov 28 15:27:38 PST 2016


Where is this line defined? What file would I define this in once I create sub
folders for file types?  I wish to get cron to compress specific folders to
save disk space.

Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);

Cheers,
John
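An added example, not from this digest or from the Bro distribution, of the site script in which a line like the one above lives: it builds `extract_filename` on the fly so that each file is written under a per-day, per-type sub-directory (the approach Stephen describes in the quoted reply below, combined with the file-type sub-folders asked about above). It assumes Bro 2.5 with the base extraction analyzer; the module name `ExtractDaily`, the base directory and the MIME-type list are assumptions. Save it as a site script and `@load` it from `local.bro`.

```bro
# Added example: a site script (e.g. site/extract-daily.bro, loaded from
# local.bro) that extracts selected files into <prefix>/<YYYY-MM-DD>/<type>/.
# Not from the digest or the Bro distribution. Assumes Bro 2.5 and the base
# extraction analyzer; the paths and MIME types below are illustrative.
@load base/files/extract

module ExtractDaily;

export {
	## MIME types worth extracting (constructed list, adjust as needed).
	const extract_types: set[string] = {
		"application/x-dosexec",
		"application/pdf",
		"application/zip",
	} &redef;
}

## The extraction analyzer prepends this directory to every extract_filename.
## Assumed path; point it at a volume with room for the extracted files.
redef FileExtract::prefix = "/data/bro/extracted/";

## Relative sub-directory "YYYY-MM-DD/<type>" for a file, taken from the time
## the file was last seen. The slash in the MIME type is replaced so the type
## cannot introduce extra path components.
function sub_dir(f: fa_file, mime: string): string
	{
	local day = strftime("%Y-%m-%d", f$last_active);
	local kind = gsub(mime, /\//, "_");
	return fmt("%s/%s", day, kind);
	}

## The analyzer only creates FileExtract::prefix itself, so the per-day and
## per-type directories must exist before the first write. mkdir() is not
## recursive, hence one call per level; it returns T if the directory exists.
function ensure_dir(rel: string): bool
	{
	local parts = split_string(rel, /\//);
	local path = FileExtract::prefix;
	for ( i in parts )
		{
		path = fmt("%s%s/", path, parts[i]);
		if ( ! mkdir(path) )
			return F;
		}
	return T;
	}

event file_sniff(f: fa_file, meta: fa_metadata)
	{
	if ( ! meta?$mime_type || meta$mime_type !in extract_types )
		return;

	local dir = sub_dir(f, meta$mime_type);
	if ( ! ensure_dir(dir) )
		{
		Reporter::warning(fmt("extract-daily: cannot create %s%s",
		                      FileExtract::prefix, dir));
		return;
		}

	# Same unique name the analyzer would choose on its own, placed under dir.
	local fname = fmt("%s/extract-%s-%s", dir, f$source, f$id);
	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
	}
```

Because every file lands in a directory named by date, nothing needs rotating at midnight: the next day's files simply go to a new directory. A cron job that compresses the extracted files should therefore only touch date directories older than the current day, since Bro may still be writing into today's.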

On Tue, Nov 29, 2016 at 7:00 AM, <bro-request at bro.org> wrote:

> Send Bro mailing list submissions to
>         bro at bro.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> or, via email, send a message with subject or body 'help' to
>         bro-request at bro.org
>
> You can reach the person managing the list at
>         bro-owner at bro.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Bro digest..."
>
>
> Today's Topics:
>
>    1. Re: Bro 2.5 CPU usage (Drew Dixon)
>    2. File extraction in different directories (maybe day-wise)
>       (fatema bannatwala)
>    3. Re: File extraction in different directories (maybe day-wise)
>       (Hosom, Stephen M)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 28 Nov 2016 13:19:47 -0500
> From: Drew Dixon <dwdixon at umich.edu>
> Subject: Re: [Bro] Bro 2.5 CPU usage
> To: Daniel Thayer <dnthayer at illinois.edu>
> Cc: bro at bro.org
> Message-ID:
>         <CA+pNqTOFXBseTFHdQqKM2r=FyZEGUH9Gj4O7i=Sn9PoZLbU-3w@
> mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Would it be possible for someone to quantify what a low bandwidth/low traffic
> setup might be in terms of a bandwidth unit of measurement range where
> Justin's patch would be advised to be used? I.e. Kbps/Mbps etc.  What would
> be a cut-off bandwidth/traffic rate value where it would not be advisable
> that this patch be used?
>
> On Fri, Nov 25, 2016 at 1:54 PM, Daniel Thayer <dnthayer at illinois.edu>
> wrote:
>
> > Regarding broctl, you can disable the "not seeing any packets"
> > warnings if you set this in your etc/broctl.cfg:
> > StatsLogEnable = 0
> >
> > Doing so will also disable logging to broctl's stats.log (note:
> > this is NOT the stats.log that Bro itself logs), which I'm
> > guessing most people don't need anyway.
> >
> >
> > On 11/25/16 11:43 AM, Michael Shirk wrote:
> > > Is this something worthy of a feature request for low bandwidth setups?
> > >
> > > In addition to something like this, I have to do a patch for very low
> > > network traffic with bro cron reporting network traffic has stopped on
> > > the monitoring interface.
> > >
> > > --
> > > Michael Shirk
> > > Daemon Security, Inc.
> > > http://www.daemon-security.com
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> >
> ------------------------------
>
> Message: 2
> Date: Mon, 28 Nov 2016 14:14:37 -0500
> From: fatema bannatwala <fatema.bannatwala at gmail.com>
> Subject: [Bro] File extraction in different directories (maybe day-wise)
> To: bro at bro.org
> Message-ID:
>         <CACX0rUSYj_8JnSwS7ZKjef=HNsKDnX6z+oxFo-VXw7mO0xZ4WA at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Just wanted to check in, so that I don't re-invent the wheel: is there any
> way, or has somebody tried, extracting the files into different
> directories, i.e. maybe into a daily directory (just like Bro logs the events
> in the day-wise directory)?
> Right now we have over thousands of files extracted in a single directory
> and it's getting harder to manage the one single directory to access the
> extracted files, hence was looking into the Bro logging framework so that I
> can steal some code from the event logging and rotation part for the file
> extraction script.
> Any other way around to it?
>
> Appreciate the help.
>
> Thanks,
> Fatema.
>
> ------------------------------
>
> Message: 3
> Date: Mon, 28 Nov 2016 19:46:20 +0000
> From: "Hosom, Stephen M" <hosom at battelle.org>
> Subject: Re: [Bro] File extraction in different directories (maybe day-wise)
> To: fatema bannatwala <fatema.bannatwala at gmail.com>, "bro at bro.org"
>         <bro at bro.org>
> Message-ID:
>         <E5A2071C6FFFF640B714C224139C9B3327DEFC0F at WP-MBX2B.milky-
> way.battelle.org>
>
> Content-Type: text/plain; charset="utf-8"
>
> One of the arguments for attaching the file extraction analyzer is the
> filename that you want it to extract to. So long as you're building this
> filename on the fly every time you attach the analyzer, you should be able
> to specify a different directory for every file, if you wished for such a
> thing.
>
> Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
>
> Where I have specified "fname", just specify the string of the
> filename/path that you would like to store the file.
>
>
> ------------------------------
>
>
>
> End of Bro Digest, Vol 127, Issue 46
> ************************************
>