[Bro] Bro Time Machine is EOL?

Aashish Sharma asharma at lbl.gov
Mon Mar 12 13:53:02 PDT 2018


>  Is Time Machine EOL? Is it possible to accomplish packet capture with Bro or

Not quite. At least LBNL isn't letting it EOL. We had a very sharp student, Naoki
Eto, work on/upgrade/optimize it a couple of years ago:

Naoki's branch: topic/naokieto/ipv6 branch.

I made some minor tweaks related to VLANs and we use topic/aashish/ipv6

Naoki's or my branch has very stable code - has IPv6 support built in, also a
ton of optimizations in performance. LBL uses this code for production and this
branch has been running easily for 3+ years with < 1G mem and < 9% CPU with 0.02%
cumulative packet drops on our external-DMZ taps.

We don't use indexes. 

Also, I have two Bro scripts which, if enabled, help estimate what cutoffs you
should set up in your network for gaining 99.999% coverage for each bucket. And a
Python script which does similar counts on Bro's connection logs.

https://github.com/initconf/timemachine-conf-scripts

So yeah, timemachine is very much in production and doing well. I just couldn't
get Naoki's branch merged into master. But use Naoki's (or my) branch and you'd
have pretty stable code with IPv6 support.

Let me know if you have any related questions.

Thanks, 
Aashish 


On Mon, Mar 12, 2018 at 08:22:37AM +0100, C. L. Martinez wrote:
> Hi all,
> 
>  Is Time Machine EOL? Is it possible to accomplish packet capture with Bro or
> do I need an external software like tcpdump, netsniff, etc?
> 
> Thanks.
