[Bro] using broccoli to send events to bro

Siwek, Jonathan Luke jsiwek at illinois.edu
Tue Sep 24 09:35:46 PDT 2013


> Any additional thoughts? I'm pretty lost on this one. I'm using 2.1
> with the broccoli.py included with it.

If output to the "wtf.txt" file is buffered, you probably aren't going to see anything in there right away.  Maybe not even until you terminate the bro process since there's so little data.  You can put a regular print statement to stdout in the event handler in your bro script to verify you actually get events, but nothing has yet been written to disk.  You could also have your python script send a whole bunch of events and hope you actually cause output to be flushed.

- Jon



More information about the Bro mailing list