[Bro-Dev] One question about connection between Broccoli-Python and Bro

Scott Guan-Hua Tu guanhua.tu at gmail.com
Wed Jul 11 07:26:29 PDT 2012


Hi,

I encountered a problem to connect Broccoli-Python to Bro.
Specifically speaking, I can not connect Broccoli-Python to Bro when Bro is
processing tcpdump file as follows.
"Bro -r test.pcap"

However, I am able to connect Broccoli-Python to Bro when Bro is monitoring
network interface as follows.
"Bro -i eth0"

My Broccoli-Python is able to send/receive to/from Bro in the case above.

Is there anyone know the restriction to use Broccoli-Python?
How can I get notification from Bro when it is processing tcpdump file?

Thanks a lot.

Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20120711/9be65499/attachment.html 


More information about the bro-dev mailing list