[Bro] Monitoring a directory and running bro on the PCAPs

Michał Purzyński michalpurzynski1 at gmail.com
Sun Oct 2 07:38:36 PDT 2016


So is netsniff-ng - well, not technically multi-threaded but multi-process, yes. It does not do indexing, but it is much lighter and friendlier to tune.

> On 2 Oct 2016, at 14:31, erik clark <philosnef at gmail.com> wrote:
> 
> Moloch is a threaded pcap writer. You are writing multiple pcaps concurrently. Spewing that kind of content at bro probably will not have the desired effect, causing loss of session information and who knows what else. I agree that you should drop another link off your tap and feed it just to bro.


