[Bro] Capture bulk traces with Bro.
Seth Hall
hall.692 at osu.edu
Thu Feb 11 08:16:31 PST 2010
On Feb 11, 2010, at 10:43 AM, Luca Renaud wrote:
> I have read some of Bro's docs and a script named start-capture-all
> is pointed as a method to help capture
> bulk traces with Bro.However that script is not present in Bro-1.5.1
> distribution as I know.So,was the function
> it was supposed to do transferred to broctl ?
> Right now,what is the better method to capture bulk traces for
> offline analysis (not using tcpdump) just
> using Bro.
There is a command line argument for it...
-w|--writefile <writefile> | write to given tcpdump file
Why are you interested in using Bro for capturing your bulk traces?
It seems like it would make more sense to stick with something like
Time Machine[1], tcpdump, or DaemonLogger[2].
.Seth
1. http://www.net.t-labs.tu-berlin.de/research/tm/
2. http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list