[Bro] Adding dns entry to bro logs
Azoff, Justin S
jazoff at illinois.edu
Wed Jul 26 10:35:06 PDT 2017
> On Jul 26, 2017, at 1:21 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
>
>
> Another idea: If you monitor the DHCP traffic with Bro as well, wouldn't
> it be possible to react on new leases, do the lookup using "when" and
> store that info in the table?
Yes.. if bro saw the DHCP traffic it could do this directly. There are some other challenges with that approach, like what happens when bro first starts up and it hasn't seen any dhcp traffic yet. If the lease times are long it could be a while before it has any data.
--
- Justin Azoff
More information about the Bro
mailing list