[Bro] Issue with bro reading a file that capturing live traffic
Hashem Alaidaros
aidaros.dev at gmail.com
Sun Sep 27 20:14:07 PDT 2015
Hi All,
I run tcpdump live to capture the traffic into a file using "-w".
Then I run bro to read that file offline using "-r".
Both instances are running continuously. At first it works fine, but then bro
stops generating results although it keeps running; this means bro didn't
continue reading from the file. Is it because bro -r is faster than the
live capturing?
How can I let bro keep reading the file (this file is continuously being written)?
My bro version: 2.3, running on the Ubuntu platform.
Thanks