[Bro] Is it applicapable to specific target ip using command line in bro?
sri at basam.org
Tue Dec 6 07:23:23 PST 2011
On Tue, Dec 6, 2011 at 4:01 AM, Readon Shaw <xydarcher at 163.com> wrote:
> I want to analysis traffic in/out specific host (identified by ip)
> in trace file,
> where processing for in/out streams are different. So i would be a problem
> notify the script what is my target host. A python script was used to
> the command lines, such as
> bro -r xxx.pcap yyyy.bro.
> But here the bro script can't get the target ip through this kind
> of command.
> Is there any mechanism in bro to fulfull this requirement?
Could you just script it to pass the ip as a filter to bro?
bro -r <file.pcap> -f "host a.b.c.d" myscript.bro?
> There is a way to config ip in files, but i think that would meet its
> on multi-thread processing.
> or broccoli-python suit for me? how would it communicate with a trace file
> based bro server?
> Readon Shaw
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro