[Bro] Logging at end of connections
jlamps at sandia.gov
Mon Apr 18 06:48:04 PDT 2016
I would like to take some action on a connection before it is written to conn.log. I added some code to the event Conn::log_conn and it works as intended when running through pcaps. However, when I try to run the script live on a network interface, it appears that log_conn is not getting called until I hit ctrl-c.. Is there another event I need to use??
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro