Github user basvdl commented on the issue:
https://github.com/apache/metron/pull/531
@simonellistonball after some testing we concluded that Bro is not giving
the output we want (source: https://bro-tracker.atlassian.net/browse/BIT-1630).
The output doesn't contain hostnames, so the
Github user simonellistonball commented on the issue:
https://github.com/apache/metron/pull/531
I'd love to see your bro PR expand for this @JonZeolla DHCP is a pretty key
source, and Bro is a great way to extract it from taps. Let me know if there is
anything I can do to help.
---
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
Is there enough interest for me to pursue support of this in #586? I could
probably throw that together today.
---
If your project is set up for it, you can reply to this email and have your
Github user basvdl commented on the issue:
https://github.com/apache/metron/pull/531
@nickwallen sometimes we are not able to grep DNS events from the customer
server. In these cases we use DHCPDump.
I have to admit, Bro is new to me, but it looks promising. If this can
Github user ctramnitz commented on the issue:
https://github.com/apache/metron/pull/531
dhcp also carries a client-id that is often (but not always and not
reliably) the hostname. While not reliable, this is interesting information,
especially since you don't have to perform
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
With bro there's also an option to [do a
lookup](https://github.com/bro/bro/blob/master/src/bro.bif#L3431-L3458) and
[add
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/531
> If I'm correctly informed by the docs, bro will give you the IP and MAC
> relation, which differs from DHCPDump which captures IP and Hostname relations.
Giving context to an IP by adding the
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/531
> So I would still like to discuss the opportunities of getting the
> original DHCPDump log format into Metron via NiFi.
Sure, I think that sounds like another reasonable approach.
---
Github user basvdl commented on the issue:
https://github.com/apache/metron/pull/531
@nickwallen I agree that relying on a modified source is not ideal. However
with bro I'm not sure if you have all the functionality people wish for.
If I'm correctly informed by the docs, bro
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/531
I am a -1 on merging this PR. It relies on a forked version of the
original sensor which limits its general usefulness. I have concerns about
maintaining and supporting that fork long-term.
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/531
@JonZeolla does this relate to your latest PR (#586)? What is the status
of this PR?
---