[Bro] Bro 2.2 File Extraction (RHEL 6.5)
seth at icir.org
Wed Aug 6 13:07:30 PDT 2014
On Aug 6, 2014, at 3:53 PM, Jonathon Wright <jonathon.s.wright at gmail.com> wrote:
> I verified all configuration syntax: broctl check
> bro -C -r my_pcap_file
Two separate things are going on here. Broctl is really focused around running Bro on live traffic and orchestrating all of the complexity involved in that. You are then separately trying to run the Bro binary on a trace file and get output.
Your whatever.bro script is installed and ready to be used when Bro is run with broctl. Since you're just running Bro directly here though, you will want to load your script on the command line like this:
bro -C -r my_pcap_file whatever.bro
You could also load the full local.bro script if you want that functionality too like this:
bro -C -r my_pcap_file local.bro whatever.bro
Does that explain things better?
International Computer Science Institute
(Bro) because everyone has a network