[Bro] Trace Files
Robin Sommer
robin at icir.org
Sun Oct 14 17:08:43 PDT 2007
On Thu, Oct 04, 2007 at 11:55 -0400, Reed Porada wrote:
> On the Bro wiki it mentions that Bro can be configured to output
> captured packets that look suspicious.
Which text are you refering to exactly? Apart form -w, the only
other thing I can think of is the built-in dump_current_packet()
whichs save the currently processed packet to disk---with the
typical problem that this is not very well defined.
Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list