bro_pdns.py missing

[gnomefish]

when I git clone bro_pdns.py is missing...

[JustinAzoff]

I re-wrote bro-pdns in go. It's faster and easier to deploy now.

It also no longer needs to be integrated directly with bro, you can just point it at the archived dns log files. the README shows how to get it working.. you basically just need to build it and index the logs.

[gnomefish]

Ah cool, I have no experience with installing GO stuff - any chance you could provide some more advanced install instructions? I got it to work eventually by downloading the missing files.

[JustinAzoff]

You just need a working go compiler installed and then you can run

go get -v github.com/JustinAzoff/bro-pdns

and that should (after a minute or two) give you a bro-pdns binary in ~/go/bin/bro-pdns

[JustinAzoff]

I could publish a binary release on github, I just haven't quite worked out the best way to automate that sort of thing..

Is that someone you would be interested in? I'm not sure if most people would rather build things themselves or run someone elses binary build.

[gnomefish]

Hi Justin,
It's absolutely fine as it is, it's my lack of "go" knowledge that prompted the question. As long as it has proper instructions anybody should be able to build it. Can you still log to MySQL?
Great stiff by the way!
L.

[JustinAzoff]

Ah.. I have not implemented a mysql backend yet. I spent a lot of time optimizing the sqlite and postgresql backends to be as fast as possible. I haven't had a chance to install mysql and work out what the proper queries are for it. I could get an initial backend working pretty easily, but it would probably be too slow for anything more than a small installation.

One of the issues with the python version was it would take too long to update the database if the database was running on another system because the per-query latency was too high. I worked out how to batch updates for postgresql so it's still fast even with a remote database.