Justin

It should with that change :-)

I re-wrote bro-pdns in go. It's faster and easier to deploy now. It also no longer needs to be integrated directly with bro, you can just point it at the...

You just need a working go compiler installed and then you can run go get -v github.com/JustinAzoff/bro-pdns and that should (after a minute or two) give you a bro-pdns binary...

I could publish a binary release on github, I just haven't quite worked out the best way to automate that sort of thing.. Is that someone you would be interested...

Ah.. I have not implemented a mysql backend yet. I spent a lot of time optimizing the sqlite and postgresql backends to be as fast as possible. I haven't had...

Hi! I'm somewhat familiar with this process.. looking into things on my laptop here (2.7 GHz Intel Core i7) I get the following performance to start: ``` In [2]: %time...

I don't thing consistency in the face of a kernel panic or power failure is a requirement based on how that code is used. Adding 2 fsyncs to every file...

This should be able to be implemented as a PktSrc plugin. It would likely never support the same syntax as wireshark, but it could be close. If the plugin was...

Also.. this doesn't have to be included in zeek (and subject to zeek release schedules), Many PktSrc plugins are external projects, like af_packet, pf_ring, myricom, netmap.

I think this part is most telling: > there's a flurry of activity in cluster.log that looks very confused "A lot of unrelated things happening when a single endpoint changes"...