[Bro] Trace Files

Reed Porada rporada at ll.mit.edu
Mon Oct 15 05:51:11 PDT 2007


On Oct 14, 2007, at 8:08 PM, Robin Sommer wrote:

>
> On Thu, Oct 04, 2007 at 11:55 -0400, Reed Porada wrote:
>
>> On the Bro wiki it mentions that Bro can be configured to output
>> captured packets that look suspicious.
>
> Which text are you refering to exactly? Apart form -w, the only
> other thing I can think of is the built-in dump_current_packet()
> whichs save the currently processed packet to disk---with the
> typical problem that this is not very well defined.

http://www.bro-ids.org/wiki/index.php/User_Manual:_Bro_Output#Tracefiles

The line there implies something more than -w, which may be simply  
dump_current_packet().

-Reed




More information about the Bro mailing list