[Bro] timestamp

Johanna Amann johanna at icir.org
Thu Jun 9 09:57:41 PDT 2016


Hello dk,

If you run Bro on a pcap, the timestamps in the logfile are actually driven
by the timestamps in the pcap file.

If you just do, e.g. bro -r [bro source path]/testing/btest/Traces/irc-dcc-send.trace

you will get timestamps from 2011, when that pcap file was generated.

Johanna

On Wed, Jun 08, 2016 at 10:23:25PM -0700, Dk Jack wrote:
> Hi,
> Seems like the timestamps in the bro log file come from the system/wall
> clock. Is there a way for bro to force it to use the timestamp in the pcap file?
> Thanks.
> 
> dk
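
Added example, not part of the original thread and not Bro code: a small reader for the per-packet timestamps stored in a classic pcap file, which are the values that drive the log timestamps when Bro reads a trace with -r. The function names and the two-packet sample capture are constructed for illustration; pcapng files are not handled.

```python
import struct
import sys
from datetime import datetime, timezone

# First four bytes of a classic pcap file: (struct byte order, sub-second divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microsecond resolution
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microsecond resolution
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanosecond resolution
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanosecond resolution
}

def packet_times(data):
    """Yield each packet's capture time (epoch seconds) from classic pcap bytes."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, divisor = MAGICS[data[:4]]
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length
        sec, frac, incl_len, _ = struct.unpack_from(order + "IIII", data, offset)
        offset += 16 + incl_len
        if offset > len(data):
            break  # final record is truncated; ignore it
        yield sec + frac / divisor

def capture_window(data):
    """Return (earliest, latest) packet time, or None for an empty capture."""
    times = list(packet_times(data))
    return (min(times), max(times)) if times else None

def to_utc(epoch):
    """Render an epoch timestamp as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()

def sample_pcap():
    """Constructed two-packet capture with timestamps from March 2011."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    def record(sec, usec, payload):
        return struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    frame = b"\x00" * 14  # placeholder Ethernet header, content irrelevant here
    return header + record(1300000000, 250000, frame) + record(1300000005, 500000, frame)

if __name__ == "__main__":
    # With a path argument, read that trace; otherwise use the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    window = capture_window(raw)
    print("empty capture" if window is None else " .. ".join(map(to_utc, window)))
```

Running it on the same trace that was given to bro -r shows the time range the log timestamps should fall in, independent of the wall clock of the machine doing the analysis.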
