[Bro] How BRO's in-built scripts are invoked in a flow one by one (one file after other file)

Clark, Gilbert gc355804 at ohio.edu
Sun Dec 6 20:51:14 PST 2015


In addition to what Anthony suggests:

Bro has an option to trace execution and write the results to a file: I think it's '-T' or something along those lines.  The trace file generated by running bro with this option can show you which script functions were called and in which order they were called ... but this option generates a *lot* of output, and should therefore only be used offline and (probably) with a relatively small capture file.

There's a benchmark script that ships with bro that also shows an example of incrementally running bro with 1 script loaded, 2 scripts loaded, etc. to see how each script affects bro's runtime: https://github.com/bro/bro-aux/blob/master/devel-tools/cpu-bench-with-trace

Also, maybe try taking a look at try.bro.org: it's a pretty nice way to play with bro and become familiar with how things work.

Cheers,
Gilbert
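
Added example, not part of the original message and not the bro-aux benchmark script: a small shell sketch of the incremental approach described above, replaying one capture with 1 script loaded, then 2, and so on, and reporting how much wall-clock time each additional script adds. The pcap path, the script names and the use of bare mode (`-b`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cumulative script loading against one offline capture.
# Assumptions: BRO_BIN, the pcap path and the script names are placeholders;
# -b (bare mode) is this example's choice so that only the listed scripts
# and their own @load dependencies are active at each step.

BRO_BIN="${BRO_BIN:-bro}"

# incremental_bench <pcap> <script>...
# Prints one tab-separated row per step:
#   step  newly-added-script  elapsed-seconds  delta-vs-previous-step
# Timing uses date +%s, so resolution is whole seconds; use a capture large
# enough that each run takes several seconds. Bro writes its logs to the
# current directory, so run this from a scratch directory.
incremental_bench() {
    pcap=$1
    shift
    n=0
    prev=0
    acc=""
    for s in "$@"; do
        acc="${acc:+$acc }$s"      # step N loads the first N scripts
        n=$((n + 1))
        start=$(date +%s)
        # $acc is left unquoted on purpose: one argument per script
        # (script paths containing spaces are not supported here).
        $BRO_BIN -b -r "$pcap" $acc >/dev/null 2>&1 || {
            echo "step $n failed after adding: $s" >&2
            return 1
        }
        elapsed=$(( $(date +%s) - start ))
        printf '%d\t%s\t%d\t%d\n' "$n" "$s" "$elapsed" "$((elapsed - prev))"
        prev=$elapsed
    done
}

# Run only when called with a pcap and at least one script, e.g.
#   sh incremental-bench.sh sample.pcap first.bro second.bro
if [ "$#" -ge 2 ]; then
    incremental_bench "$@"
fi
```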


