[Bro] Capturing events
bltierney at lbl.gov
Thu Feb 2 16:37:53 PST 2006
On Feb 2, 2006, at 10:47 AM, David Vasil wrote:
> Would you recommend using BRO_CREATE_TRACE_FILE=YES instead of
> event-capture.bro? Besides being in a raw tcpdump format, what
> other benefits does the trace file give me? Thanks!
I use event-capture.bro mainly for debugging processing of external
events sent to Bro via Broccoli. For example, we convert syslog events
to something Bro understands and send them to Bro for analysis via
Broccoli.