[Bro] feeding bro cluster with parameters without restarting it

Jan Grashöfer jan.grashoefer at gmail.com
Thu Mar 2 02:45:57 PST 2017


> Can I add elements to a table inside bro from, let's say, a syslog message or
> any other faster method?

There is a syslog analyzer you could theoretically use
(https://www.bro.org/sphinx/script-reference/proto-analyzers.html#bro-syslog),
but I would strongly discourage mixing monitored traffic and control
traffic. If you want to interact with Bro, Broker might be of interest
to you
(https://www.bro.org/sphinx/components/broker/broker-manual.html). For
example, I have used Broker to write a Python script that allows
deleting intel items.

Jan

