[Bro] Capturing events

David Vasil dmvasil at ornl.gov
Thu Feb 2 10:47:01 PST 2006


Would you recommend using BRO_CREATE_TRACE_FILE=YES instead of 
event-capture.bro?  Besides being in a raw tcpdump format, what other 
benefits does the trace file give me?  Thanks!

-- 
| David Vasil <dmvasil at ornl.gov>
| Oak Ridge National Laboratory NCCS Division
| High Performance Computing Systems Administrator
| Bldg: 5600-A115  Phone: (865)241-5562



More information about the Bro mailing list