bro at pingtrip.com
Sun Jan 29 14:37:30 PST 2017
I tried with --pseudo-realtime as well as creating a new PCAP to test with, but it still exhibits the same behavior. ActiveHTTP successfully makes the request, and receives a response based on the contents of the temp files, but the when() block is never executed.
The reporter.log only has an event for the termination:
#types time enum string string
1485725443.690539 Reporter::INFO received termination signal (empty)
Is anyone able to re-create the same issue or is this limited to my environment?
> On Jan 29, 2017, at 12:41 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
> Hi Dave,
>> But if I pass it a PCAP it exhibits the same condition where the when loop isn’t entered:
>> bro -r test.pcap b.bro
> my guess would be that reading a pcap causes timing problems. Have you
> tried processing the pcap using --pseudo-realtime?