[Bro] using broccoli to send events to bro
Mike Sconzo
sconzo at visiblerisk.com
Tue Sep 24 11:07:46 PDT 2013
-1 for me. It was a buffering problem (sending 1000 events worked quite well).
Thanks for the assistance, I feel "special".
-=Mike
On Tue, Sep 24, 2013 at 11:35 AM, Siwek, Jonathan Luke
<jsiwek at illinois.edu> wrote:
>> Any additional thoughts? I'm pretty lost on this one. I'm using 2.1
>> with the broccoli.py included with it.
>
> If output to the "wtf.txt" file is buffered, you probably aren't going to see anything in there right away. Maybe not even until you terminate the bro process since there's so little data. You can put a regular print statement to stdout in the event handler in your bro script to verify you actually get events, but nothing has yet been written to disk. You could also have your python script send a whole bunch of events and hope you actually cause output to be flushed.
>
> - Jon
--
cat ~/.bash_history > documentation.txt
More information about the Bro
mailing list