Re: [Bro-Dev] error compiling master

2018-07-10 Thread Aashish Sharma
nks for the pointer. Aashish On Tue, Jul 10, 2018 at 06:02:51PM -0500, Jon Siwek wrote: > On Tue, Jul 10, 2018 at 2:10 PM Aashish Sharma wrote: > > > [ 96%] Building CXX object > > libcaf_openssl/CMakeFiles/libcaf_openssl_shared.dir/src/manager.cpp.o > > clang: warn

Re: [Bro-Dev] error compiling master

2018-07-10 Thread Aashish Sharma
4PM -0500, Daniel Thayer wrote: > Was master (after the broker merge) previously working on this same machine? > > It works for me on 10.4-RELEASE. Maybe you could try "make distclean" > and "git pull" and try again. > > > On 7/10/18 2:03 PM, Aashish Sharma w

[Bro-Dev] error compiling master

2018-07-10 Thread Aashish Sharma
Probably obvious but I am not very sure so asking here. I see this error trying to build current master - thoughts on what am I missing? (trying the build on: FreeBSD 10.3-STABLE) I am building as: ./configure --prefix=/usr/local/bro-master && make .. .. gmake[6]: Leaving directory

Re: [Bro-Dev] input-framework reporter_error vs reporter_warning events ?

2018-04-20 Thread Aashish Sharma
The same could happen with bad data in a line of a file. These > situations do not cause Bro to stop watching input files anymore. The > old behavior is available through settings in the Ascii reader. > > Johanna > > On 20 Apr 2018, at 14:09, Aashish Sharma wrote: &g

[Bro-Dev] input-framework reporter_error vs reporter_warning events ?

2018-04-20 Thread Aashish Sharma
While testing other stuff, I realized that if input-framework cannot find a file it's now generating a reporter_warning event instead of reporter_error? Did "error" change to "warning" for some reason? Wasn't this previously an error condition? 0.00Reporter::WARNING

Re: [Bro-Dev] scheduling events vs using _func ?

2018-04-19 Thread Aashish Sharma
r 18, 2018 at 01:46:08PM +, Azoff, Justin S wrote: > > On Apr 17, 2018, at 4:04 PM, Aashish Sharma <asha...@lbl.gov> wrote: > > > > For now, I am resorting to _func route only. I think by using some > > more > > heuristics in worker's expire functions for

Re: [Bro-Dev] scheduling events vs using _func ?

2018-04-19 Thread Aashish Sharma
Justin, On Wed, Apr 18, 2018 at 01:46:08PM +, Azoff, Justin S wrote: > How are you tracking slow scanners on the workers? If you have 50 workers > and you > are not distributing the data between them, there's only a 1 in 50 chance > that you'll > see the same scanner twice on the same

[Bro-Dev] scheduling events vs using _func ?

2018-04-13 Thread Aashish Sharma
I have an aggregation policy where I am trying to keep counts of the number of connections an IP made in a cluster setup. For now, I am using a table on workers and manager and using expire_func to trigger worker2manager and manager2worker events. All works great until tables grow to > 1 million
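The pattern this post describes (a worker-side table whose expire function forwards each entry's count to the manager, which keeps the aggregate) written out as a Bro 2.5-era cluster script. This is an added example for this page, not the poster's policy and not code from the Bro distribution; the module name ConnCount, the event name partial_count, the threshold, the window and the notice type are all assumptions.

```bro
# Added example for this page, not the poster's policy nor Bro's own code.
# Per-source connection counting in a Bro 2.5-style cluster: workers count
# in a table whose expire function ships each entry to the manager, which
# keeps the aggregate. Module name, event names, intervals and the threshold
# are assumptions.
@load base/frameworks/cluster
@load base/frameworks/notice

module ConnCount;

export {
	redef enum Notice::Type += {
		## Raised on the manager once a source's aggregated count crosses the threshold.
		Threshold_Crossed,
	};

	## Assumed threshold on the aggregated per-source connection count.
	const threshold = 500 &redef;

	## How long a worker accumulates before its expire function ships the count.
	const worker_window = 1min &redef;

	## Raised by workers with one source's partial count; forwarded to the manager.
	global partial_count: event(src: addr, n: count);
}

# Pre-Broker (2.5) cluster forwarding: events matching this pattern that are
# raised on a worker are delivered to the manager.
redef Cluster::worker2manager_events += /ConnCount::partial_count/;

# Prototype first so the table attribute below can reference the function.
global ship_count: function(t: table[addr] of count, idx: addr): interval;

# Worker side: entries live for worker_window, then ship_count runs on them.
global counts: table[addr] of count
	&create_expire=worker_window &expire_func=ship_count;

# Manager side: aggregate per source, dropped an hour after the last update.
global totals: table[addr] of count &write_expire=1hr;

function ship_count(t: table[addr] of count, idx: addr): interval
	{
	# Hand the partial count to the manager, then let the entry go (0secs).
	event ConnCount::partial_count(idx, t[idx]);
	return 0secs;
	}

# Workers (or a standalone Bro) count new connections per originator.
@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::WORKER )
event new_connection(c: connection)
	{
	local src = c$id$orig_h;
	if ( src !in counts )
		counts[src] = 0;
	++counts[src];
	}
@endif

# The manager (or a standalone Bro) folds partial counts into the aggregate.
@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
event ConnCount::partial_count(src: addr, n: count)
	{
	if ( src !in totals )
		totals[src] = 0;
	totals[src] += n;

	if ( totals[src] >= threshold )
		NOTICE([$note=Threshold_Crossed,
		        $src=src,
		        $msg=fmt("%s made %d connections across the cluster", src, totals[src]),
		        $identifier=cat(src)]);
	}
@endif
```

Every expiring entry becomes one worker-to-manager event, so with the million-entry tables mentioned in the post the manager receives a million events per window; the later post on this page about missing worker2manager events describes what that looks like in practice.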

Re: [Bro-Dev] timer delays between different events for same connection

2018-04-13 Thread Aashish Sharma
, Aashish On Fri, Apr 13, 2018 at 07:46:33AM -0400, Seth Hall wrote: > > > On 13 Apr 2018, at 0:30, Aashish Sharma wrote: > > > So I am seeing some weird stuff in my sample pcap of scanners. May be > > too > > obvious and I am just not seeing why/how of it. >

[Bro-Dev] timer delays between different events for same connection

2018-04-12 Thread Aashish Sharma
So I am seeing some weird stuff in my sample pcap of scanners. Maybe too obvious and I am just not seeing the why/how of it. Here is the issue (I have time in human format for easier reading): So I just pick one session from conn.log and this is the connection in question: (there are many more

Re: [Bro-Dev] [Cron <bro@xx> /usr/local/bin/randsleep 59 && broctl cron]

2018-03-19 Thread Aashish Sharma
Nevermind! Please ignore! Issue resolved - it was a mistake on my end! Aashish On Mon, Mar 19, 2018 at 4:11 PM, Aashish Sharma <asha...@lbl.gov> wrote: > So I just moved one of my boxes to bro-2.5.3 and see this report. > > Any ideas - ? permission issues or something else going

[Bro-Dev] [Cron <bro@xx> /usr/local/bin/randsleep 59 && broctl cron]

2018-03-19 Thread Aashish Sharma
So I just moved one of my boxes to bro-2.5.3 and see this report. Any ideas - ? permission issues or something else going on with broctl cron ? Aashish - Forwarded message from Cron Daemon - Date: Mon, 19 Mar 2018 16:05:38 -0700 (PDT) From: Cron Daemon To: bro Subject: Cron

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Aashish Sharma
My view: I have again and again encountered 4 types of cases while doing script/pkg work: 1) manager2worker: Input-framework reads external data and all workers need to see it. Examples: intel-framework, 2) worker2manager: workers see something, report to manager, manager keeps aggregated

Re: [Bro-Dev] bro-pkg dependencies ?

2017-09-08 Thread Aashish Sharma
Ah! Nice. Yes, this is what I was looking for. Thanks for the pointer Seth! On Fri, Sep 08, 2017 at 02:45:21PM -0400, Seth Hall wrote: > > > On 8 Sep 2017, at 13:29, Aashish Sharma wrote: > > > Can we specify dependent packages in bro-pkg and would bro-pkg go and > &

Re: [Bro-Dev] bro-pkg dependencies ?

2017-09-08 Thread Aashish Sharma
ry has that on his queue. > > > On Sep 8, 2017, at 12:29 PM, Aashish Sharma <asha...@lbl.gov> wrote: > > > > Can we specify dependent packages in bro-pkg and would bro-pkg go and > > resolve > > (install) those dependencies by itself ? > > > > Also

[Bro-Dev] bro-pkg dependencies ?

2017-09-08 Thread Aashish Sharma
Can we specify dependent packages in bro-pkg and would bro-pkg go and resolve (install) those dependencies by itself ? Also, can we make the bro-pkg dump some output (notes) before? or after? pkg installation - something like see this file for details etc ? Aashish

Re: [Bro-Dev] input-framework file locations

2017-08-25 Thread Aashish Sharma
[ re-igniting an OLD thread ] OK so @DIR sort of works. I've used this as:

global smtp_indicator_feed = fmt("%s/feeds/smtp_malicious_indicators.out", @DIR);

Problem is: @DIR gives the path of the directory where the script is residing. So when I do broctl install - all the scripts go into:

Re: [Bro-Dev] Check if table element exists

2017-08-08 Thread Aashish Sharma
(Not sure if I am interpreting your question right but here is how I read it) basically use the "in" operator:

local my_ip_table : table[addr] of bool ;
local ip: addr = 127.0.0.1 ;
if ( ip in my_ip_table )
    found
else
    not found

btw, you can also use the "!in" operator too which is

Re: [Bro-Dev] clusterization issue: logger node vs manager node or both ?

2017-06-01 Thread Aashish Sharma
LOGGER node can affect the entire clusterization architecture. Aashish On Thu, Jun 01, 2017 at 02:10:47PM -0400, Seth Hall wrote: > On Thu, Jun 1, 2017 at 1:12 PM, Aashish Sharma <asha...@lbl.gov> wrote: > > > I can surely do "Cluster::local_node_type() =

[Bro-Dev] clusterization issue: logger node vs manager node or both ?

2017-06-01 Thread Aashish Sharma
So with the emergence of the logging node, I am encountering an issue with clusterization and was seeking feedback on what's a better way to do this. Presently I have been using:

@if (( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) || ! Cluster::is_enabled())
@endif

Re: [Bro-Dev] can I send an opaque of bloomfilter over Cluster::manager2worker_event ?

2017-05-01 Thread Aashish Sharma
> const global_hash_seed: string = "" Yes, with the setting of global_hash_seed, bloomfilter movement across workers is working fine and as expected, I see from initial tests. While we are on this thread, is the following good or is there a better way to copy/merge a bloomfilter once it's sent

[Bro-Dev] can I send an opaque of bloomfilter over Cluster::manager2worker_event ?

2017-04-28 Thread Aashish Sharma
I tried doing that and then merging with an existing (initialized) bloomfilter on worker. I see this error: 1493427133.170419 Reporter::INFO calling inside the m_w_add_bloom worker-1- 1493427133.170419 Reporter::ERROR incompatible hashers in BasicBloomFilter merge
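The two posts above (the "incompatible hashers" error, and the fix of setting global_hash_seed) as a Bro 2.5-era script, added here as an example that is not part of the thread or of Bro itself. With global_hash_seed set identically on every node, filters created with the same parameters and no explicit name share a hasher and can be merged after being shipped manager-to-worker; a filter seeded by its own name cannot, which is the error shown. The seed string, the module and event names, the sizing constants and the sample addresses are assumptions.

```bro
# Added example for this page, not code from the thread or from Bro itself.
# Shows why merging a Bloom filter received from another node needs a shared
# hasher: with global_hash_seed set on every node, two filters created with the
# same parameters and no explicit name can be merged; a filter seeded by its own
# name cannot, which is the "incompatible hashers" Reporter::ERROR above.
# Seed string, module/event names and the sample addresses are assumptions.
@load base/frameworks/cluster

module BloomShip;

# Assumed value; it must be identical on every node of the cluster.
redef global_hash_seed = "shared-cluster-seed-change-me";

export {
	## Manager -> workers: a filter for each worker to fold into its local copy.
	global push_filter: event(bf: opaque of bloomfilter);

	## Assumed sizing: 1% false-positive rate at 100k elements.
	const fp_rate = 0.01 &redef;
	const capacity = 100000 &redef;
}

redef Cluster::manager2worker_events += /BloomShip::push_filter/;

# Local filter on every node. No name is given, so the hasher is derived from
# global_hash_seed rather than from a per-process seed.
global seen: opaque of bloomfilter;

event bro_init() &priority=10
	{
	seen = bloomfilter_basic_init(fp_rate, capacity);
	}

# Fold a received filter into the local one. bloomfilter_merge returns a new
# filter, so the local handle is replaced rather than modified in place.
function merge_into_local(bf: opaque of bloomfilter)
	{
	seen = bloomfilter_merge(seen, bf);
	}

@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
event bro_init()
	{
	# Constructed sample: the manager has two sources to share with the workers.
	local batch = bloomfilter_basic_init(fp_rate, capacity);
	bloomfilter_add(batch, 10.0.0.1);
	bloomfilter_add(batch, 10.0.0.2);
	event BloomShip::push_filter(batch);
	}
@endif

event BloomShip::push_filter(bf: opaque of bloomfilter)
	{
	merge_into_local(bf);
	# 10.0.0.1 is now found; 10.0.0.3 is not (barring a false positive).
	print fmt("10.0.0.1: %d  10.0.0.3: %d",
	          bloomfilter_lookup(seen, 10.0.0.1),
	          bloomfilter_lookup(seen, 10.0.0.3));
	}

# The failure mode from the thread: a filter created with its own name gets a
# hasher seeded from that name, so merging it with a global_hash_seed filter is
# refused and Bro logs "incompatible hashers in BasicBloomFilter merge".
event bro_init() &priority=-10
	{
	local named = bloomfilter_basic_init(fp_rate, capacity, "private-name");
	bloomfilter_add(named, 10.0.0.9);
	bloomfilter_merge(seen, named);
	}
```

The seed is security-relevant as well as functional: anyone who knows it can compute which elements collide in the filter, so treat it like any other cluster-wide secret rather than leaving a placeholder in a checked-in script.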

[Bro-Dev] CMU/SEI C++ secure coding best practices

2017-04-18 Thread Aashish Sharma
Anyone seen this out of CMU: SEI CERT C++ Coding Standard Rules for Developing Safe, Reliable, and Secure Systems in C++ http://cert.org/downloads/secure-coding/assets/sei-cert-cpp-coding-standard-2016-v01.pdf Not sure how good/bad/awesome/relevant this is. Aashish

[Bro-Dev] [desired broker api as oppose to whats in known-hosts.bro]

2017-03-03 Thread Aashish Sharma
So I came across a sample of Broker-API usage:

when (local res = Broker::exists(Cluster::cluster_store, Broker::data("known_hosts")))
    {
    local res_bool = Broker::refine_to_bool(res$result);
    if(res_bool)
        {
        when ( local res2 =

Re: [Bro-Dev] help Reading the backtrace

2017-01-19 Thread Aashish Sharma
So this doesn't (at the moment) seem to be related to table expiration. My table is maintained on manager and expire_func only runs on manager. But, I see 'a' worker stall with 99-100% CPU for a good while, while all other workers go down to 5-6% CPU. conn.log continues to grow though. GDB

Re: [Bro-Dev] help Reading the backtrace

2017-01-18 Thread Aashish Sharma
Yes, I have been making heavy use of tables (think a million entries a day and a million expires a day). Let me figure out a way to upload the scripts on github or send them your and Justin's way otherwise. Strangely this code kept running fine for the last month and reasonably stable. I am not

[Bro-Dev] help Reading the backtrace

2017-01-18 Thread Aashish Sharma
So I am running a new detection package and everything seemed right but somehow since yesterday each worker is running at 5.7% to 6.3% CPU and not generating logs. The backtrace shows the following and how much (%) CPU is being spent on what functions. Can someone help me read why might BRO

[Bro-Dev] broctl archive copy vs move

2016-12-13 Thread Aashish Sharma
So if we have compresscmd unset then archive-log script does a copy: archive-log:nice cp $file_name "$dest" Any reason why it doesn't do move instead ? I propose changing cp to mv Aashish ___ bro-dev mailing list bro-dev@bro.org

[Bro-Dev] proxies and tree data structures

2016-12-04 Thread Aashish Sharma
I have noticed that at times my proxies are spending way too much CPU (100% for extended duration) in tree operations which include inserts and tree_balance_after_insert. Does anyone have any pointers to what might be going on with the proxies? Aashish

[Bro-Dev] missing worker2manager and manager2worker events

2016-12-01 Thread Aashish Sharma
I have noticed that sometimes (more often than not), not all workers see a manager2worker event or likewise not all workers report a worker2manager event on manager - missing as high as 10% of the events and as little as 1% of such events are 'missing' ie don't show up. This is puzzling since

Re: [Bro-Dev] bro-pkg upgrade and over-writing of files

2016-11-29 Thread Aashish Sharma
On Tue, Nov 29, 2016 at 07:51:21PM +, Siwek, Jon wrote: > > But a new feature could be added to bro-pkg that allows package authors to > specify a list of config files in their bro-pkg.meta. Then on > install/upgrade/remove, if a user has made modifications to any of those > files, they

[Bro-Dev] bro-pkg upgrade and over-writing of files

2016-11-29 Thread Aashish Sharma
Hello, I have a package where I provide a sample configuration file for people to redef according to their needs and specifics. Now every time they upgrade the package, I risk overwriting their modified config file. So I decided to call the config file scan-config.bro.orig but then I

Re: [Bro-Dev] Packet Brick question(s)

2016-11-28 Thread Aashish Sharma
Scott, I was using the following script when I was playing with the packet-bricks Dec last year:

utilObj = dofile("scripts/utils.lua")
utilObj:enable_nmpipes()
pe = PktEngine.new("e0")
lb = Brick.new("LoadBalancer", 2)
lb:connect_input("ix0")
lb:connect_output("ix0{1", "ix0{2", "ix0{3",

[Bro-Dev] Adding event/notice at the end of log rotation

2016-10-24 Thread Aashish Sharma
Would it be possible (also suggestions on what might be the best way) to add an event/execute a script once log-rotation/compression is complete. Use case: We archive the logs to a mass storage while leaving a local copy for N days. Right now, it's a guessing game on when to run the nightly

Re: [Bro-Dev] [archive log failure]

2016-10-03 Thread Aashish Sharma
if you made any changes to those scripts (a bug in > those scripts could potentially run make-archive-name with > invalid parameters). > > > On 10/3/16 3:18 PM, Aashish Sharma wrote: > >HI Daniel, > > > >>As for the strange directory names, one possible reason

Re: [Bro-Dev] [archive log failure]

2016-10-03 Thread Aashish Sharma
e subdirectories of > the /logs/ directory, or if you noticed the presence of > a new spool/tmp/post-terminate-* directory. > > As for the strange directory names, one possible reason could be your > make-archive-name script is producing bad output. > > > > On 10/3/16 2:

[Bro-Dev] [archive log failure]

2016-10-03 Thread Aashish Sharma
I see notifications as following: - Forwarded message from Xxx - Date: Mon, 3 Oct 2016 11:54:39 -0700 (PDT) From: To: Subject: [bro-cluster] archive log failure Unable to archive one or more logs in directory:

Re: [Bro-Dev] Bro IDS request

2016-08-12 Thread Aashish Sharma
May be try: ftp://ftp.ee.lbl.gov/cf-1.2.5.tar.gz eg: cf conn.log | less On Fri, Aug 12, 2016 at 02:03:48PM -0400, Dave Florek wrote: > Hello, > > Because I lose so much processing power when manually converting Bro output > logs from Epoch to EST using bro-cut, can I have a feature that >

[Bro-Dev] testing topic/dnthayer/ticket1627

2016-07-29 Thread Aashish Sharma
Hi Daniel, Are there any specific node.cfg settings or broctl.cfg settings to run the Logging node? Could you please point me to the right locations. Thanks, Aashish

[Bro-Dev] input-framework file locations

2016-07-08 Thread Aashish Sharma
I have been thinking and trying different things but for now, it appears that if we are to share policies around, there is no easy way to be able to distribute input-files along with policy files. Basically, right now I use redef Scan::whitelist_ip_file =

Re: [Bro-Dev] Configurable _expire interval

2016-06-10 Thread Aashish Sharma
Hi Jan, > > A solution could be to evaluate the interval expression every time it is > > used inside the table implementation. The drawback would be that there For all of my needs the above has worked fairly well, including using exp_val= 0 secs as default. Based on the value of item in the

Re: [Bro-Dev] CBAN design proposal

2016-05-21 Thread Aashish Sharma
> In other words, my proposal is to put authors into control of their > code, and make them fully responsible for it too --- not us. We'd just > connect authors with users, with as little friction as possible. > I support this completely. > If we want some kind of quality measure, we could

Re: [Bro-Dev] declaration error: function type clash

2016-05-12 Thread Aashish Sharma
Jan, > I guess the function for initialization receives the index that should > be initialized. Thank you. This works! For future reference: I also needed to convert the following table to use opaque of cardinality for this table grows reasonably big: global distinct_backscatter_peers:

[Bro-Dev] declaration error: function type clash

2016-05-12 Thread Aashish Sharma
So I am trying to convert tables into using opaque of cardinality since that's more memory efficient (or counting bloomfilters for that matter): works: if table (0) converted to (1) errors: if table (2) converted to (3) Details: I am trying the following, original table (0) converted to (1):
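The conversion these two posts discuss (a table of per-scanner peer sets replaced by per-scanner opaque of cardinality counters, with the counter initialized per index) as an added Bro 2.5-era example; it is not the poster's script and not code from Bro. The module name, the variable name, the HLL error/confidence parameters and the constructed sample traffic are assumptions. The counter is created explicitly on first use rather than through an &default function, because a value returned by &default is not stored back into the table, so additions to it would be lost.

```bro
# Added example for this page, not the poster's script nor Bro's own code.
# Replaces a "table[addr] of set[addr]" distinct-peer counter (which keeps every
# peer address in memory) with one HyperLogLog counter per scanner. Module and
# variable names, the HLL parameters and the sample traffic are assumptions.
module Backscatter;

export {
	## Assumed HLL parameters: roughly 1% error at 95% confidence.
	const hll_err = 0.01 &redef;
	const hll_conf = 0.95 &redef;
}

# One cardinality counter per scanner instead of a set of peers per scanner.
global distinct_backscatter_peers: table[addr] of opaque of cardinality
	&create_expire=1hr;

# Record that scanner was seen talking to peer. The counter is created explicitly
# on first use: an &default function would receive the index too, but its return
# value is not stored back into the table, so additions to it would be lost.
function add_peer(scanner: addr, peer: addr)
	{
	if ( scanner !in distinct_backscatter_peers )
		distinct_backscatter_peers[scanner] = hll_cardinality_init(hll_err, hll_conf);

	hll_cardinality_add(distinct_backscatter_peers[scanner], peer);
	}

# Estimated number of distinct peers for scanner; 0.0 if it was never seen.
function peer_estimate(scanner: addr): double
	{
	if ( scanner !in distinct_backscatter_peers )
		return 0.0;

	return hll_cardinality_estimate(distinct_backscatter_peers[scanner]);
	}

event new_connection(c: connection)
	{
	add_peer(c$id$orig_h, c$id$resp_h);
	}

event bro_init()
	{
	# Constructed sample: 192.0.2.1 touches 1000 distinct hosts in 10.0.0.0/22,
	# 192.0.2.2 touches a single host.
	local i: count = 0;
	while ( i < 1000 )
		{
		add_peer(192.0.2.1, count_to_v4_addr(167772160 + i)); # 167772160 == 10.0.0.0
		++i;
		}
	add_peer(192.0.2.2, 10.1.1.1);

	print fmt("192.0.2.1 ~ %.0f distinct peers, 192.0.2.2 ~ %.0f",
	          peer_estimate(192.0.2.1), peer_estimate(192.0.2.2));
	}
```

The estimate is approximate by design (the error bound is set at init time), so a scan threshold applied to it should allow for that margin rather than comparing against an exact count.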

Re: [Bro-Dev] bloomfilter_counting_init parameterization ?

2016-05-09 Thread Aashish Sharma
Nevermind my email! I found: src/probabilistic/cardinality-counter.bif Thanks, Aashish On Mon, May 9, 2016 at 2:29 AM, Aashish Sharma <asha...@lbl.gov> wrote: > Matthias, > > I am encountering some big tables in my scan-detection heuristics and which > grow due t

Re: [Bro-Dev] bloomfilter_counting_init parameterization ?

2016-05-09 Thread Aashish Sharma
Matthias, I am encountering some big tables in my scan-detection heuristics which grow due to scanners: So I was thinking of the possibility of using counting bloomfilters instead of tables and sets. After all we are still looking for cardinality of tables and sets for identifying scanners.

[Bro-Dev] bloomfilter_counting_init parameterization ?

2016-05-03 Thread Aashish Sharma
So I am trying to use bloomfilter_counting_init for keeping a count of unique IPs seen within a subnet and instead of relying on a table or a set, I was toying with the idea of using bloomfilter_counting_init. However, I am not clear on the parameterization below: global

[Bro-Dev] cluster communication best practice?

2016-04-11 Thread Aashish Sharma
I am in the process of clusterizing a bunch of scripts and using worker2manager and manager2worker events for doing so. This seems to be working *quite fantastic* actually and I see 1-to-1 mapping on data moving around. I still don't quite understand how the communication happens in the background

[Bro-Dev] [JIRA] (BIT-1472) Bif for a new function to calculates haversine distance between two geoip locations

2016-03-30 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=25205#comment-25205 ] Aashish Sharma commented on BIT-1472: - Until you are set to update libGeoIP2 API, could you add this bif

[Bro-Dev] MOTS and bro ?

2016-03-21 Thread Aashish Sharma
I got a query from ANL about Bro's capability to detect MOTS: "I had a question for you – I was at a talk last week, and someone was talking about a Man on the Side attack. The presenter had indicated that suricata was currently the only tool doing this detection, but that they

Re: [Bro-Dev] current_time() vs network_time()

2015-11-19 Thread Aashish Sharma
+ ##|| report_hour == 16 || report_hour == 23) && report_min == 0 && report_sec == 0) + +if (current_time() > nrt) { + nrt = next_report_time(); } } On Wed, Nov 18, 2015 at 11:34:39AM -0800, Craig Leres wrote: > On 11/18/2015 10:58 AM, Aas
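Review bot: the first added line, "+ ##|| report_hour == 16 || report_hour == 23) && report_min == 0 && report_sec == 0)", leaves the old hour-matching condition in the file as commented-out dead code; delete it rather than commenting it out, since the new "if (current_time() > nrt)" check replaces it. That new check compares the wall clock from current_time() against nrt; given the thread's subject, if next_report_time() derives nrt from network_time(), the two clocks diverge whenever Bro reads from a pcap instead of a live interface, so use the same clock on both sides of the comparison and state in a comment which one nrt is on.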

[Bro-Dev] current_time() vs network_time()

2015-11-18 Thread Aashish Sharma
So, I am trying to have bro send me report/alerts at specific timeslots. Given current_time is the wall-clock time, I am relying on current_time() function to get time and then, my code is : if (hh:mm:ss == desired time), run a report. I noticed inconsistencies so here is more detailed debug

Re: [Bro-Dev] current_time() vs network_time()

2015-11-18 Thread Aashish Sharma
Much better way! Thanks Craig! Aashish On Wed, Nov 18, 2015 at 11:34:39AM -0800, Craig Leres wrote: > On 11/18/2015 10:58 AM, Aashish Sharma wrote: > > So, I am trying to have bro send me report/alerts at specific timeslots. > > > > Given current_time is the wall-cloc

[Bro-Dev] [JIRA] (BIT-835) Porting Drop and Catch-n-release to 2.0

2015-09-04 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-835?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=21955#comment-21955 ] Aashish Sharma commented on BIT-835: I'd take this one! On Fri, Sep 04, 2015 at 07:52:00AM -0500, Seth

Re: [Bro-Dev] [JIRA] (BIT-835) Porting Drop and Catch-n-release to 2.0

2015-09-04 Thread Aashish Sharma
t; > Project: Bro Issue Tracker > > Issue Type: New Feature > > Components: Bro > >Affects Versions: git/master > >Reporter: Aashish Sharma > > Fix For: 2.5 > > > > Attachments: drop.bro, d

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-09-04 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=21954#comment-21954 ] Aashish Sharma commented on BIT-1396: - Please close it! If I encounter this again, I will request a new

[Bro-Dev] [JIRA] (BIT-1472) Bif for a new function to calculates haversine distance between two geoip locations

2015-09-03 Thread Aashish Sharma (JIRA)
Aashish Sharma created BIT-1472: --- Summary: Bif for a new function to calculates haversine distance between two geoip locations Key: BIT-1472 URL: https://bro-tracker.atlassian.net/browse/BIT-1472

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-06-14 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20918#comment-20918 ] Aashish Sharma commented on BIT-1396: - Issue Remains. I am not sure what specific crashes

[Bro-Dev] some Broker questions

2015-06-03 Thread Aashish Sharma
I am trying to use BrokerStore with a master and a clone setup, whereby I was thinking of using master on manager and all the workers are clones. However, I am somewhat confused at a few things - attaching the sample policies used: 1) I see that stores-listener.bro has clone created into it

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-05-19 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20715#comment-20715 ] Aashish Sharma commented on BIT-1396: - I found the 'missing' logs in spool/tmp/crash_dump

[Bro-Dev] broctl restart --clean

2015-05-15 Thread Aashish Sharma
is not running. I think restart --clean should first check configurations (step 3) and then, if successful, move further or stop. Buggy/typo scripts are preferred to be debugged while bro is running. Aashish -- Aashish Sharma (asha...@lbl.gov) Cyber Security

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-05-14 Thread Aashish Sharma (JIRA)
Aashish Sharma created BIT-1396: --- Summary: Logs disappearing on broctl restart Key: BIT-1396 URL: https://bro-tracker.atlassian.net/browse/BIT-1396 Project: Bro Issue Tracker Issue Type

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-05-14 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20702#comment-20702 ] Aashish Sharma commented on BIT-1396: - Example: -rw-r--r-- 1 bro bro 81M May 13 13:33

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-05-14 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20706#comment-20706 ] Aashish Sharma commented on BIT-1396: - Yes, nothing in stderr.log - likely got over-written

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-05-14 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20704#comment-20704 ] Aashish Sharma commented on BIT-1396: - Ah! Yes, I see logs in spool/tmp/post-terminate-

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-05-14 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20707#comment-20707 ] Aashish Sharma commented on BIT-1396: - Um! Well the stderr.log in spool/tmp/port-terminate

[Bro-Dev] [JIRA] (BIT-1396) Logs disappearing on broctl restart

2015-05-14 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20706#comment-20706 ] Aashish Sharma edited comment on BIT-1396 at 5/14/15 6:19 PM: -- Yes

[Bro-Dev] [JIRA] (BIT-1306) bro process would get stuck/freeze with myricom drivers

2015-04-12 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aashish Sharma updated BIT-1306: Yes, So sorry, I couldn't get to it soon enough. Yes, Patch fixes the problem. Aashish

[Bro-Dev] [JIRA] (BIT-1370) SIP Analyzer

2015-04-03 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20222#comment-20222 ] Aashish Sharma commented on BIT-1370: - I've been running vlad's branch

[Bro-Dev] [JIRA] (BIT-1326) Broctl installation requires sqlite but does not check for its presence

2015-03-18 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20022#comment-20022 ] Aashish Sharma commented on BIT-1326: - I am trying to test some stuff with the current

[Bro-Dev] [JIRA] (BIT-1182) Input-framework thread spwan

2015-03-13 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aashish Sharma updated BIT-1182: Resolution: Fixed Status: Closed (was: Open) I tested out 30K+ adds/deletes with input

[Bro-Dev] [JIRA] (BIT-1335) Extract all files policy script

2015-03-13 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=19942#comment-19942 ] Aashish Sharma commented on BIT-1335: - I prefer keeping protocol + fid - Easy to sort

[Bro-Dev] [JIRA] (BIT-1182) Input-framework thread spwan

2015-03-03 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=19908#comment-19908 ] Aashish Sharma commented on BIT-1182: - ah! that makes sense now. You are correct. I

[Bro-Dev] [JIRA] (BIT-1306) bro process would get stuck/freeze with myricom drivers

2015-01-22 Thread Aashish Sharma (JIRA)
Aashish Sharma created BIT-1306: --- Summary: bro process would get stuck/freeze with myricom drivers Key: BIT-1306 URL: https://bro-tracker.atlassian.net/browse/BIT-1306 Project: Bro Issue Tracker

Re: [Bro-Dev] [JIRA] (BIT-1286) Add policy script for Windows version detection via CryptoAPI HTTP Traffic

2014-11-03 Thread Aashish Sharma
that was identified. -- This message was sent by Atlassian JIRA (v6.4-OD-09-005#64005) -- Aashish Sharma (asha...@lbl.gov

[Bro-Dev] [JIRA] (BIT-1286) Add policy script for Windows version detection via CryptoAPI HTTP Traffic

2014-11-03 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=18703#comment-18703 ] Aashish Sharma commented on BIT-1286: - This is a very neat policy for sure!! -- Aashish

Re: [Bro-Dev] Plugins providing threads?

2014-10-07 Thread Aashish Sharma
-- Aashish Sharma (asha...@lbl.gov) Cyber Security, Lawrence Berkeley National Laboratory http://go.lbl.gov/pgp-aashish Office: (510)-495-2680 Cell: (510)-612-7971

Re: [Bro-Dev] Bro + real-time question

2014-09-26 Thread Aashish Sharma
-- Aashish Sharma (asha...@lbl.gov) Cyber Security, Lawrence Berkeley National Laboratory http://go.lbl.gov/pgp-aashish

[Bro-Dev] [JIRA] (BIT-1140) Bloomfilter hashing problem

2014-06-13 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=16825#comment-16825 ] Aashish Sharma commented on BIT-1140: - So I have been running the code for the last 5 days

[Bro-Dev] [JIRA] (BIT-1204) broctl query|print timesout for really large tables

2014-06-12 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aashish Sharma updated BIT-1204: Resolution: Fixed Status: Closed (was: Open) setting CommTimeout = 300 ( or higher number

[Bro-Dev] [JIRA] (BIT-1204) broctl query|print timesout for really large tables

2014-06-12 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=16823#comment-16823 ] Aashish Sharma commented on BIT-1204: - Yes ! increasing CommTimeout works well

[Bro-Dev] [JIRA] (BIT-1204) broctl query|print timesout for really large tables

2014-06-11 Thread Aashish Sharma (JIRA)
Aashish Sharma created BIT-1204: --- Summary: broctl query|print timesout for really large tables Key: BIT-1204 URL: https://bro-tracker.atlassian.net/browse/BIT-1204 Project: Bro Issue Tracker

[Bro-Dev] [JIRA] (BIT-1140) Bloomfilter hashing problem

2014-06-05 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=16801#comment-16801 ] Aashish Sharma commented on BIT-1140: - Thanks for the fix Matthias. I am testing your topic

[Bro-Dev] [JIRA] (BIT-1180) Input framework subsiquient REREAD fails after file update

2014-04-07 Thread Aashish Sharma (JIRA)
Aashish Sharma created BIT-1180: --- Summary: Input framework subsiquient REREAD fails after file update Key: BIT-1180 URL: https://bro-tracker.atlassian.net/browse/BIT-1180 Project: Bro Issue Tracker

[Bro-Dev] [JIRA] (BIT-1181) Input-framework errors should be fatal (or Notice_Alarm) instead of silent reporter::error failures

2014-04-07 Thread Aashish Sharma (JIRA)
Aashish Sharma created BIT-1181: --- Summary: Input-framework errors should be fatal (or Notice_Alarm) instead of silent reporter::error failures Key: BIT-1181 URL: https://bro-tracker.atlassian.net/browse/BIT-1181

[Bro-Dev] [JIRA] (BIT-1140) Bloomfilter hashing problem

2014-04-01 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aashish Sharma updated BIT-1140: Attachment: bloom-test2.bro bloom-test-short.bro Test files to reproduce

[Bro-Dev] [JIRA] (BIT-1140) Bloomfilter hashing problem

2014-04-01 Thread Aashish Sharma (JIRA)
[ https://bro-tracker.atlassian.net/browse/BIT-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=16010#comment-16010 ] Aashish Sharma commented on BIT-1140: - Matthias, I have created two simple test files

Re: [Bro-Dev] [JIRA] (BIT-1138) UDP scan detection generates a large number of triggers

2014-02-18 Thread Aashish Sharma
I haven't got a chance to measure if the fix is effective or not yet. I have started measuring the CPU spikes this week after putting in the fix for scan_udp.bro. I should have some results in a couple of days. Aashish On Tue, Feb 18, 2014 at 2:19 PM, Jon Siwek (JIRA)

[Bro-Dev] [JIRA] (BIT-1126) Logs disappearing after bro termination

2014-01-31 Thread Aashish Sharma (JIRA)
Aashish Sharma created BIT-1126: --- Summary: Logs disappearing after bro termination Key: BIT-1126 URL: https://bro-tracker.atlassian.net/browse/BIT-1126 Project: Bro Issue Tracker Issue Type