[Bro] Logging at end of connections
Lamps, Jereme
jlamps at sandia.gov
Mon Apr 18 06:48:04 PDT 2016
I would like to take some action on a connection before it is written to conn.log. I added some code to the event Conn::log_conn and it works as intended when running through pcaps. However, when I try to run the script live on a network interface, it appears that log_conn is not getting called until I hit ctrl-c.. Is there another event I need to use??
Thanks in advance,
Jereme
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160418/c3dee841/attachment.html
More information about the Bro
mailing list