[Bro] SQLite logging and as white/blacklist in a cluster

Papulis, George george.papulis at wustl.edu
Wed Oct 26 14:24:47 PDT 2016

We do not use the notice log in this instance, but using the &synchronized and &create_expire attributes looks perfect for what I'm trying to accomplish, and significantly easier to use, haha.

Thanks Justin!

From: Azoff, Justin S <jazoff at illinois.edu>
Sent: Wednesday, October 26, 2016 3:24:10 PM
To: Papulis, George
Cc: bro at bro.org
Subject: Re: [Bro] SQLite logging and as white/blacklist in a cluster

> On Oct 26, 2016, at 4:15 PM, Papulis, George <george.papulis at wustl.edu> wrote:
> Just once a day

If you are raising a notice, you can use suppression that is built in:


otherwise see how the known hosts policy does it:


- Justin Azoff
