[Bro] Trace Files
rporada at ll.mit.edu
Thu Oct 4 08:55:43 PDT 2007
On the Bro wiki it mentions that Bro can be configured to output
captured packets that look suspicious. The documentation regarding
trace files seems to stop there. I know there is a -w flag, but
that seems to be more related to using Bro with the -i option, not
for getting suspicious traffic. What do I need to do to configure
Bro to output a trace file?
That would be one additional capability that I would complement
separating out my TG traffic and other traffic mentioned in the
'Question about Bro Capabilities' thread.