[Bro] Long lived MySQL session stops generating events
Seth Hall
seth at corelight.com
Wed Oct 17 08:25:52 PDT 2018
On 15 Oct 2018, at 15:08, Jon Siwek wrote:
> else it would be better if anyone
> wanted to investigate how much it would take to get the MySQL
> parser/analyzer able to pick up and analyze sessions already mid-way
> in progress.
I don't know how difficult this would be, but personally I've been
putting off too much work into these sorts of efforts with the existing
binpac analyzers because Spicy should have a mechanism to make analyzers
"re-synching". I did it with SMB and it was a little tricky to get
right.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list