[Bro] Bro-ids dpd offline analysis
geek00l at gmail.com
Wed Dec 6 00:47:47 PST 2006
I'm wondering whether there are any examples showing how to use bro with all the
argument options. I found it kinda confusing, especially for people who are new
to bro-ids, and there was not much result when I tried googling. Maybe having all the
usage examples in the wiki would be much help.
By the way, I'm wondering whether there is a way to do offline analysis of a pcap using
dpd. I have checked out brolite.bro where it loads -
I tried to load all this into mt.bro, and ran -
bro -r test.pcap mt
It runs fine without loading all the dpd related analyzers; however, I
have gone through all the bro workshop presentation slides and come across
the DPD performance test where it is used to run offline analysis against
large pcap files (the presentation that was done by Robin). I would like to know
how the test is conducted and how one can do efficient offline bulk data
analysis with the new bro-1.2.