[Bro] Multi-Thread bro with pcap file?
Alex Waher
alexwis at gmail.com
Wed Apr 15 11:44:07 PDT 2015
tracereplay [http://www.wand.net.nz/trac/libtrace/wiki/TraceReplay] will
let you loop packets around into a dummy network interface from an existing
pcap/erf. It wont be a problem for bro to attach onto the dummy interface
via pf_ring and cluster away at the traffic.
-Alex
On Wed, Apr 15, 2015 at 8:05 AM, Joe Blow <blackhole.em at gmail.com> wrote:
> Hey everyone,
>
> I was wondering if anyone knows if it is possible to multi-thread BRO when
> you are reading the input from a file like this:
>
> /bro/bin/bro -r "$1" /bro/share/bro/site/local.bro "Site::local_nets = {
> 10.0.0.0/8, 192.168.0.0/16, 216.46.96.0/19, 172.16.0.0/12 }"
>
> Can this only be done with one thread?
>
> Cheers,
>
> JB
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150415/cd90ef54/attachment-0001.html
More information about the Bro
mailing list