bro -w option
vern at ee.lbl.gov
Sat Jun 23 02:03:55 PDT 2001
> When is the -w option useful?
> What is the real need to write the traffic to a tcpdump file if we are
> analysing it already?
It can be very useful to be able to analyze traffic off-line in order
to explore changes to policy scripts. For operational use, my experience
is it's rare to wind up going to the trace file, so if the disk space
is a problem, skipping it should generally be okay.