[Bro] Real-time reporting from multiple sensors to multiple analysis points
marcin.nawrocki at fu-berlin.de
Mon Jul 3 03:51:39 PDT 2017
Dear bro mailing list,
I have a question regarding the configuration of bro and its real-time
Right now, I have two sensors (s1, s2), each running one bro node with
log files rotating every hour. After the rotation, I send the files from
each sensor to an analysis point (a1) via scp and perform my analysis steps.
My requirements changed now: I want to know what happens on the sensors
in almost real-time. How do I send reports from (s1,s2) with a max.
delay of 10 seconds to another analysis point (a2)? The reports can
still reach (a1) every hour to keep the load low. My intuition tells me
that a very low rotation interval and scp are not the best practice here.