[Bro] Basic questions about the use of Bro.

Vern Paxson vern at icir.org
Sat Apr 5 17:20:38 PDT 2008


> How can I get the output of Bro in normal time and not UNIX time, using cf.
> for example, processing a tcpdump capture file:

There's no general option for this.  For any particular value you want to
print from a script, you can use fmt()'s %D or %T format.

> I did not do a complete installation of Bro, I use Bro to analyze my home
> ADSL connections right after the end of the session, so Bro does not report
> to log files in the logs directory, it reports to standard output.

You can "@load weird" to get the "weird" output into a file instead.

> if bro ever needs to report more troublesome events, does it follow
> the same terminology (name) used for the diverse files in the logs
> directory?

I'm not quite sure what you mean, but it will write alarms to stdout if
you haven't done "@load alarm", and the name used is the same in either case.

		Vern
