[Bro] spam mail message collector
Hyun Yoo
easetheworld at gmail.com
Tue Aug 25 14:59:03 PDT 2015
(I added mailing list addresss to recipient.)
I found 'set_contents_file() in connection_established event' does what I
want.
But it doesn't work for uni-direction packets. Any option for this?
And if I use -b option (bare mode) for performance, connection_established
is called much less. I thought only difference in bare mode was using less
protocol parser..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150826/23c62ae8/attachment.html
More information about the Bro
mailing list