[Bro] Bro with 10Gb NIC's or higher

Aubrey Wells awells at digiumcloud.com
Fri Jan 9 13:42:21 PST 2015


My file has the headers in it:

$ head -8 capture_loss.log

#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path capture_loss
#open 2015-01-09-16-33-16
#fields ts ts_delta peer gaps acks percent_lost
#types time interval string count count double




---------------------
Aubrey Wells
Manager, Network Operations
Digium Cloud Services
Main: 888.305.3850
Support: 877.344.4861 or http://www.digium.com/en/support
<http://www.digium.com/en/support?elq=65516445a5964d3597e25eaf566bc2cf&elqCampaignId=>

On Fri, Jan 9, 2015 at 4:37 PM, John Donnelly <jdonnelly at dyn.com> wrote:

> Ok  - I found it it : / - along with "weird"
>
> How I can I specify another directory ?
> What do the fields mean ?
>
> root at x64-01:/# cat cap*
> 1420832673.023244,900.000068,bro,0,0,0.0
> 1420833573.023279,900.000035,bro,0,6,0.0
> 1420833727.951157,154.927878,bro,0,0,0.0
> 1420833885.693988,154.676438,bro,0,0,0.0
>
>
>
>
> On Fri, Jan 9, 2015 at 3:29 PM, Seth Hall <seth at icir.org> wrote:
>
>>
>> > On Jan 9, 2015, at 4:02 PM, Oehlert, Samuel <soehlert at illinois.edu>
>> wrote:
>> >
>> > Capture_loss.log and it should be with all your other logs once you
>> turn it on. Remember to install, check, and restart brocontrol to get it
>> turned on.
>>
>> After you add the following to local.bro of course…
>>
>> @load misc/capture-loss
>>
>>   .Seth
>>
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro.org/
>>
>>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150109/d414ef46/attachment.html 


More information about the Bro mailing list