Github user basvdl commented on the issue:
https://github.com/apache/metron/pull/531
@simonellistonball after some testing we concluded that Bro is not giving
the output we want (source: https://bro-tracker.atlassian.net/browse/BIT-1630).
The output doesn't contain hostnames, so the r
Github user simonellistonball commented on the issue:
https://github.com/apache/metron/pull/531
I'd love to see your bro PR expand for this @JonZeolla DHCP is a pretty key
source, and Bro is a great way to extract it from taps. Let me know if there is
anything I can do to help.
---
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
Is there enough interest for me to pursue support of this in #586? I could
probably throw that together today.
---
If your project is set up for it, you can reply to this email and have your
repl
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
Huh, look at that. It looks like it is [pretty trivial](https://www.bro.org/sphinx/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro.html).
---
Github user basvdl commented on the issue:
https://github.com/apache/metron/pull/531
@nickwallen sometimes we are not able to grep DNS events from the customer
server. In these cases we use DHCPDump.
I have to admit, Bro is new to me, but it looks promising. If this can
fulfill
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
It looks like that's actually
[considered](https://github.com/bro/bro/blob/master/src/analyzer/protocol/dhcp/events.bif)
in bro, but not written to the log. Perhaps there is a trivial way to expos
Github user ctramnitz commented on the issue:
https://github.com/apache/metron/pull/531
dhcp also carries a client-id that is often (but not always and not
reliably) the hostname. While not reliable, this is interesting information,
especially since you don't have to perform (expensive
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
With bro there's also an option to [do a lookup](https://github.com/bro/bro/blob/master/src/bro.bif#L3431-L3458) and [add it](https://www.bro.org/sphinx-git/frameworks/logging.html#add-fields-to-a
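The "add it" step the comment refers to (extending a Bro log with a field the protocol analyzer already parses) looks like the following. This is an added example, not code from the Metron PR or from the Bro project, and it assumes the Bro 2.5-era `dhcp_ack` event signature, in which the client-supplied hostname (DHCP option 12) arrives as the trailing `host_name` parameter and `base/protocols/dhcp` stores the in-flight record in `c$dhcp` before writing it at a negative priority; check these against the Bro version actually deployed.

```bro
##! Added example (not part of Metron or Bro): log the DHCP option-12 hostname
##! alongside the MAC and assigned IP that dhcp.log already records.
##! Assumption: Bro 2.5 event signature for dhcp_ack and the c$dhcp record
##! populated by base/protocols/dhcp at &priority=5 and written at &priority=-5.

@load base/protocols/dhcp

module DHCP;

export {
	redef record Info += {
		## Hostname the client offered in option 12, if present. It is
		## client-controlled and unauthenticated, so treat it as context
		## for an IP/MAC pair, not as proof of identity.
		host_name: string &log &optional;
	};
}

# Runs after the base script has created c$dhcp (priority 5) and before it
# calls Log::write (priority -5), so the extra field lands in the same row.
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr,
               router: dhcp_router_list, lease: interval,
               serv_addr: addr, host_name: string) &priority=3
	{
	# Many clients send no option 12; leave the field absent rather than "".
	if ( host_name == "" )
		return;

	if ( c?$dhcp )
		c$dhcp$host_name = host_name;
	}
```

Load it with the rest of the site policy (for example from `local.bro`) and the resulting `dhcp.log` gains a `host_name` column next to `mac` and `assigned_ip`, which gives Metron the IP-to-hostname relation the DHCPDump discussion above is after without forking the sensor.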
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/531
> If I'm correctly informed by the docs, bro will give you the IP and MAC
relation, which differs from DHCPDump which captures IP and Hostname relations.
Giving context to an IP by adding the Host
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/531
> So I would still like to discuss the opportunities of getting the
original DHCPDump log format into Metron via NiFi.
Sure, I think that sounds like another reasonable approach.
---
Github user basvdl commented on the issue:
https://github.com/apache/metron/pull/531
@nickwallen I agree that relying on a modified source is not ideal. However
with bro I'm not sure if you have all the functionality people wish for.
If I'm correctly informed by the docs, bro
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/531
I am a -1 on merging this PR. It relies on a forked version of the
original sensor which limits its general usefulness. I have concerns about
maintaining and supporting that fork long-term.
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/531
@JonZeolla does this relate to your latest PR (#586)? What is the status
of this pr?
---