[Bro] Trace Files
Reed Porada
rporada at ll.mit.edu
Mon Oct 15 05:51:11 PDT 2007
On Oct 14, 2007, at 8:08 PM, Robin Sommer wrote:
>
> On Thu, Oct 04, 2007 at 11:55 -0400, Reed Porada wrote:
>
>> On the Bro wiki it mentions that Bro can be configured to output
>> captured packets that look suspicious.
>
> Which text are you referring to exactly? Apart from -w, the only
> other thing I can think of is the built-in dump_current_packet()
> which saves the currently processed packet to disk---with the
> typical problem that this is not very well defined.
http://www.bro-ids.org/wiki/index.php/User_Manual:_Bro_Output#Tracefiles
The line there implies something more than -w, which may be simply
dump_current_packet().
-Reed