[Bro] Store PCAP logs
Slagell, Adam J
slagell at illinois.edu
Mon Aug 3 10:18:08 PDT 2015
Keep in mind that you aren't analyzing Bro logs in this way, though. If all you want are pcaps, tcpdump should suffice. If you want both, this is a good solution.
> On Aug 3, 2015, at 12:15 PM, Daniel Thayer <dnthayer at illinois.edu> wrote:
> Bro can generate pcap files with the "-w" command-line option.
> bro -i eth0 -w output.pcap
>> On 08/03/2015 08:14 AM, 陈昱竹 wrote:
>> I've installed Bro IDS on my computer, and I want to know is it possible
>> to make Bro generate pcap logs? Because I want to use Wireshark to
>> analyze Bro logs.
>> Another question, does anyone tried Splunk to analyze Bro logs? Can
>> anyone give me some advice?
>> Any help would be great. Thank You.
> Bro mailing list
> bro at bro-ids.org
More information about the Bro