[Bro] Store PCAP logs

Daniel Thayer dnthayer at illinois.edu
Mon Aug 3 10:06:28 PDT 2015


Bro can generate pcap files with the "-w" command-line option.
Example:
bro -i eth0 -w output.pcap


On 08/03/2015 08:14 AM, 陈昱竹 wrote:
> Hello,
>
> I've installed Bro IDS on my computer, and I want to know if it is possible
> to make Bro generate pcap logs, because I want to use Wireshark to
> analyze Bro logs.
> Another question: has anyone tried Splunk to analyze Bro logs? Can
> anyone give me some advice?
>
> Any help would be great. Thank you.
>

