[Bro] ActiveHTTP

Jan Grashöfer jan.grashoefer at gmail.com
Mon Jan 30 12:21:33 PST 2017

> Thanks Jan, what version of Bro are you running and on which platform?

I am using Bro 2.5 on Fedora 23 (4.8 kernel).

> I have 'bro version 2.5-30’, compiled from Github master, on Debian 8.7 and macOS 10.12.2 and both hang until I ctrl-C, and neither enters the when{} block:

$ time bro --pseudo-realtime -r
Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2012-03.pcap b.bro
[code=302, msg=Found\x0d, body=...]
1485807420.620682 received termination signal

real	1m0.583s
user	0m26.229s
sys	0m34.185s

Without "--pseudo-realtime" it seems to hang for me, too. Have you tried
using it?


More information about the Bro mailing list