[Bro] spam mail message collector

Hyun Yoo easetheworld at gmail.com
Tue Aug 25 14:59:03 PDT 2015


(I added mailing list addresss to recipient.)
I found 'set_contents_file() in connection_established event' does what I
want.

But it doesn't work for uni-direction packets. Any option for this?

And if I use -b option (bare mode) for performance, connection_established
is called much less. I thought only difference in bare mode was using less
protocol parser..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150826/23c62ae8/attachment.html 


More information about the Bro mailing list