[Bro] Trace Files

Reed Porada rporada at ll.mit.edu
Thu Oct 4 08:55:43 PDT 2007

On the Bro wiki it mentions that Bro can be configured to output
captured packets that look suspicious. The documentation regarding
trace files seems to stop there. I know there is a -w flag, but
that seems to be more related to using Bro with the -i option, not
for getting suspicious traffic. What do I need to do to configure
Bro to output a trace file?

That would be one additional capability that I would complement
separating out my TG traffic and other traffic mentioned in the
'Question about Bro Capabilities' thread.

