[Bro] event q.
Dk Jack
dnj0496 at gmail.com
Wed Feb 3 19:55:06 PST 2016
Hi,
I am generating an event from my plugin. I wrote a script to create a new
record and stream to log my event. I added my script to my local.bro file
and ran it against a pcap like this:
./bro -r <pcap> -C ../share/bro/site/local.bro
The event log foo.log gets created correctly, i.e. the log has entries
corresponding to the events in the pcap. However, when I run bro using
broctl and replay packets using tcpreplay, it generates an empty foo.log.
That is, the log file only contains the headers. Is there something
special I need to add to my script when running in cluster mode? Thanks.
Dnj.