[Bro] Bro Digest, Vol 18, Issue 8
CS Lee
geek00l at gmail.com
Wed Oct 10 17:41:00 PDT 2007
Randy,
Maybe this is an easy way to get a raw trace -
http://geek00l.blogspot.com/2006/12/bro-ids-enable-full-content-data.html
If you are really looking at a ring buffer, daemonlogger will do.
If you are encountering any issue with Bro in a certain timeline and, say, you
want to extract the data from that period, you can do the job with tcpslice.
Cheers ;]
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com