[Bro] Trace Execution with broctl

Seth Hall seth at icir.org
Mon Apr 4 11:55:08 PDT 2011


On Apr 4, 2011, at 10:27 AM, Will wrote:

> Is there currently a way to run an offline trace using broctl?

This is actually currently partially implemented in a branch.  The problem with it is that it brings up a lot of questions about how it should work and how things should be handled from within BroControl.  What I would personally like to see (but probably won't happen initially) is clustered tracefile processing.

Once we figure out a way forward on the read command, we can get it finished and integrated.  Please file the ticket still if you don't mind.  If you could be especially explicit about what features you need/want or how you'd like it to work, that would be a huge help.

Thanks!
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




