[Bro] optimize running bro from PCAPs / advantage of cluster mode
seth at corelight.com
Mon Oct 2 07:11:19 PDT 2017
On 29 Sep 2017, at 3:22, Frank Meier wrote:
> My original question still stands: Are there any parsers which combine
> the information seen by different workers in different flows?
Yes, FTP (control and data channels). Also, there are some scripts that
take global views of activity to create derived logs (may not matter so
much in your use case?).
Seth Hall * Corelight, Inc * www.corelight.com