[Bro] feeding bro cluster with parameters without restarting it
Jan Grashöfer
jan.grashoefer at gmail.com
Thu Mar 2 02:45:57 PST 2017
> Can I add elements to a table inside bro from let's say a syslog message or
> any other faster method?
There is a syslog analyzer you could theoretically use
(https://www.bro.org/sphinx/script-reference/proto-analyzers.html#bro-syslog),
but I would strongly discourage mixing monitored traffic and control
traffic. If you want to interact with Bro, Broker might be of interest
to you
(https://www.bro.org/sphinx/components/broker/broker-manual.html). For
example, I have used Broker to write a Python script that allows deleting
intel items.
Jan