bro at pingtrip.com
Mon Jan 30 13:44:27 PST 2017
> On Jan 30, 2017, at 3:21 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
> $ time bro --pseudo-realtime -r Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2012-03.pcap b.bro
> [code=302, msg=Found\x0d, body=...]
> 1485807420.620682 received termination signal
> real 1m0.583s
> user 0m26.229s
> sys 0m34.185s
> Without "--pseudo-realtime" it seems to hang for me, too. Have you tried
> using it?
Thanks Jan! So the --pseudo-realtime option did the trick. I had similar results on Debian as you:
And similar results on macOS:
I at least now have a comfort level to continue writing my script (my production Bro boxes are Debian).