[Bro] Capture bulk traces with Bro.
sroddy at ligo-la.caltech.edu
Thu Feb 11 13:14:56 PST 2010
Seth Hall wrote:
> On Feb 11, 2010, at 10:43 AM, Luca Renaud wrote:
>> I have read some of Bro's docs and a script named start-capture-all
>> is pointed to as a method to help capture
>> bulk traces with Bro. However, that script is not present in the Bro-1.5.1
>> distribution as far as I know. So, was the function
>> it was supposed to do transferred to broctl?
>> Right now, what is the better method to capture bulk traces for
>> offline analysis (not using tcpdump), just
>> using Bro?
> There is a command line argument for it...
> -w|--writefile <writefile> | write to given tcpdump file
> Why are you interested in using Bro for capturing your bulk traces?
> It seems like it would make more sense to stick with something like
> Time Machine, tcpdump, or DaemonLogger.
tshark is also useful for captures...
> 1. http://www.net.t-labs.tu-berlin.de/research/tm/
> 2. http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721