On 5 Dec 2004, Vern Paxson wrote: > > I first have to make "my own".bro, and then add the "my own.bro" file to > > policy setting in bro.cfg? > > No, bro.cfg is for (somewhat) turnkey operational use. For your > own offline analysis, you should ignore it and just create your > own file my-own.bro and then use > > bro -r tracefile my-own > > to process it. > > Vern >