On Thu, Mar 8, 2018 at 11:12 AM, Robin Sommer <ro...@corelight.com> wrote:
> That brings up an interesting question on data store semantics in > offline vs online mode. Ideally, there wouldn't be any difference > between the two operation modes, so that running on a trace gives > exactly the same results as online. That would match how Bro generally > operates. Yeah, that's ideal. I was mostly eager to get into a stable "all tests pass" state with this possibly temporary commit. > Could we make data store expiration driven by network time? > That'd need an API for Bro to drive Broker time forward. And for the > initialization, maybe Bro could wait for the initialization to finish? Those were also my basic thoughts, though needs investigation to try things out (it's on my todo list). > Are there other differences with stores between online and offline > operation? Not that I've found yet. - Jon _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
