[Bro] Store PCAP logs

Slagell, Adam J slagell at illinois.edu
Mon Aug 3 10:18:08 PDT 2015


Keep in mind that you aren't analyzing Bro logs in this way, though. If all you want are pcaps, tcpdump should suffice. If you want both, this is a good solution. 



> On Aug 3, 2015, at 12:15 PM, Daniel Thayer <dnthayer at illinois.edu> wrote:
> 
> Bro can generate pcap files with the "-w" command-line option.
> Example:
> bro -i eth0 -w output.pcap
> 
> 
>> On 08/03/2015 08:14 AM, 陈昱竹 wrote:
>> Hello,
>> 
>> I've installed Bro IDS on my computer, and I want to know whether it is
>> possible to make Bro generate pcap logs, because I want to use Wireshark
>> to analyze Bro logs.
>> Another question: has anyone tried Splunk to analyze Bro logs? Can
>> anyone give me some advice?
>> 
>> Any help would be great. Thank You.
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
