[Bro] Monitoring a directory and running bro on the PCAPs

[erik clark]

Moloch is a threaded pcap writer. You are writing multiple pcaps
concurrently. Spewing that kind of content at bro probably will not have
the desired effect, causing loss of session information and who knows what
else. I agree that you should drop another link off your tap and feed it
just to bro.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161002/44553af8/attachment.html