[Bro] Bro Time Machine is EOL?

Michael Shirk shirkdog.bsd at gmail.com
Tue Mar 13 03:42:51 PDT 2018


Aashish, are you running this on FreeBSD 10? I ran into an issue with
building on FreeBSD 11 and 12-CURRENT that I have not had time to
debug. The code built fine on 10.3.

On Mon, Mar 12, 2018 at 4:53 PM, Aashish Sharma <asharma at lbl.gov> wrote:
>>  Is Time Machine EOL? Is it possible to accomplish packet capture with Bro or
>
> Not quite. At least LBNL isn't letting it EOL. We had a very sharp student Naoki
> Eto work/upgrade/optimize it a couple years ago:
>
> Naoki's branch : topic/naokieto/ipv6 branch.
>
> I made some minor tweaks related to VLANs and we use topic/aashish/ipv6
>
> Naoki's or my branch has very stable code - has IPv6 support built in, also a
> ton of optimizations in performance. LBL uses this code for production and this
> branch has been running easily for 3+ years with < 1G mem and < 9% CPU with 0.02%
> cumulative packet drops on our external-DMZ taps.
>
> We don't use indexes.
>
> Also, I have two Bro scripts which, if enabled, help estimate what cutoffs you
> should set up in your network for gaining 99.999% coverage for each bucket. And a
> Python script which does similar counts on Bro's connection logs.
>
> https://github.com/initconf/timemachine-conf-scripts
>
> So yeah, timemachine is very much in production and doing well. I just couldn't
> get Naoki's branch merged into master. But use naoki (or my branch) and you'd
> have pretty stable and IPv6 support code.
>
> Let me know if you have any related questions.
>
> Thanks,
> Aashish
>
>
> On Mon, Mar 12, 2018 at 08:22:37AM +0100, C. L. Martinez wrote:
>> Hi all,
>>
>>  Is Time Machine EOL? Is it possible to accomplish packet capture with Bro or
>> do I need an external software like tcpdump, netsniff, etc?
>>
>> Thanks.
>



-- 
Michael Shirk
Daemon Security, Inc.
http://www.daemon-security.com

