[Bro] Bro Time Machine is EOL?

C. L. Martinez carlopmart at gmail.com
Tue Mar 13 04:06:17 PDT 2018


Yep, I am really interested because I will run this on FreeBSD too ...


On Tue, Mar 13, 2018 at 11:42 AM, Michael Shirk <shirkdog.bsd at gmail.com> wrote:

> Aashish, are you running this on FreeBSD 10? I ran into an issue with
> building on FreeBSD 11 and 12-CURRENT that I have not had time to
> debug. The code built fine on 10.3.
>
> On Mon, Mar 12, 2018 at 4:53 PM, Aashish Sharma <asharma at lbl.gov> wrote:
> >> Is Time Machine EOL? Is it possible to accomplish packet capture with Bro or
> >
> > Not quite. At least LBNL isn't letting it EOL. We had a very sharp student,
> > Naoki Eto, work/upgrade/optimize it a couple years ago:
> >
> > Naoki's branch : topic/naokieto/ipv6 branch.
> >
> > I made some minor tweaks related to VLANs and we use topic/aashish/ipv6
> >
> > Naoki's or my branch has very stable code - has IPv6 support built in, also a
> > ton of optimizations in performance. LBL uses this code for production and this
> > branch has been running easily for 3+ years with < 1G mem and < 9% CPU with
> > 0.02% cumulative packet drops on our external-DMZ taps.
> >
> > We don't use indexes.
> >
> > Also, I have two Bro scripts which, if enabled, help estimate what cutoffs you
> > should set up in your network for gaining 99.999% coverage for each bucket. And a
> > Python script which does similar counts on Bro's connection logs.
> >
> > https://github.com/initconf/timemachine-conf-scripts
> >
> > So yea, timemachine is very much in production and doing well. I just couldn't
> > get Naoki's branch merged into master. But use Naoki's (or my branch) and you'd
> > have pretty stable and IPv6 support code.
> >
> > Let me know if you have any related questions.
> >
> > Thanks,
> > Aashish
> >
> >
> > On Mon, Mar 12, 2018 at 08:22:37AM +0100, C. L. Martinez wrote:
> >> Hi all,
> >>
> >> Is Time Machine EOL? Is it possible to accomplish packet capture with Bro or
> >> do I need an external software like tcpdump, netsniff, etc?
> >>
> >> Thanks.
> >
> >> _______________________________________________
> >> Bro mailing list
> >> bro at bro-ids.org
> >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
> --
> Michael Shirk
> Daemon Security, Inc.
> http://www.daemon-security.com
>