[Bro] Have a cluster infrastructure read pcaps
william de ping
bill.de.ping at gmail.com
Sun Oct 30 01:53:24 PDT 2016
Hi all,
I have an issue with processing multiple pcap files in bro.
Due to the fact that loading all of bro's scripts and infrastructure is a
time-consuming task,
processing each pcap file takes longer than it should.
Is there any way that a bro cluster could be up and running and have its
workers process the pcap files?
Btw, it needs to be a pcap file and not live capture using tcpreplay for
transmitting them because of time issues (some sessions might be very long
and bro will process the pcap file faster than retransmitting the same pcap
file).
If anyone can think of a better way to accomplish it, I am free for offers
:)
Thanks,
Bill