[Bro] broctl reading from pcap files

Seth Hall seth at icir.org
Mon Sep 15 05:44:44 PDT 2014

On Sep 15, 2014, at 7:02 AM, Victor-Alexandru Truica <vat at mnworks.dk> wrote:

> - can broctl read from PCAP files?

Yes, look into the "process" command in broctl.

> - can I use Bro's CLI to save the log files in a SO fashion (timestamped directories and others) without additional bash?

There was a question like that on the mailing list recently.

The gist is that you need to set a rotation interval and then provide a program which will be called to do the actual log rotation.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
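
Added example, not part of the original message and not Bro's or broctl's own code: a rotation program of the kind described above, which files each rotated log under a dated directory. It assumes the settings involved are Bro 2.x's `Log::default_rotation_interval` and `Log::default_rotation_postprocessor_cmd` and that Bro passes the arguments listed in the header comment; `ARCHIVE_DIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Rotation postprocessor for stand-alone Bro (added example).
# Assumed invocation (Bro 2.x default rotation postprocessor call):
#   <cmd> <rotated-file> <base-name> <open> <close> <terminating> <writer>
# with <open> and <close> formatted as yy-mm-dd_HH.MM.SS.
# Assumed wiring: point Log::default_rotation_postprocessor_cmd at this
# script and set Log::default_rotation_interval to a non-zero interval.
# ARCHIVE_DIR is a setting of this script only, not a Bro option.

ARCHIVE_DIR="${ARCHIVE_DIR:-./archive}"

# Accept only "yy-mm-dd_HH.MM.SS" so an argument can never introduce
# path separators into the destination.
valid_stamp() {
    case "$1" in
        [0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9].[0-9][0-9].[0-9][0-9])
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Print the archive path for one rotated log; fail on malformed input.
archive_path() {
    base=$2 open=$3 close=$4
    valid_stamp "$open" && valid_stamp "$close" || return 1
    # Base name must be a plain token: no slashes, no leading dot.
    case "$base" in ''|*[!A-Za-z0-9_.-]*|.*) return 1 ;; esac
    day="20${open%%_*}"                          # 14-09-15 -> 2014-09-15
    from=$(printf '%s' "${open#*_}" | tr . :)    # 05.00.00 -> 05:00:00
    to=$(printf '%s' "${close#*_}" | tr . :)
    printf '%s/%s/%s.%s-%s.log\n' "$ARCHIVE_DIR" "$day" "$base" "$from" "$to"
}

# Move the rotated file into its dated directory.
archive_log() {
    dest=$(archive_path "$@") || {
        echo "archive-log: bad arguments" >&2
        return 1
    }
    mkdir -p "$(dirname "$dest")" && mv -- "$1" "$dest"
}

# Run only when invoked with the arguments Bro is assumed to pass.
if [ "$#" -ge 4 ]; then archive_log "$@"; fi
```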
