[Bro] Custom log file
M. Aaron Bossert
mabossert at gmail.com
Fri Apr 21 09:15:44 PDT 2017
I am using Bro 2.5 to process PCAP dumps and am storing both the raw PCAP and the Bro logs in HBase. I already have an acceptable pipeline for getting both Bro logs and PCAP into HBase, but I want to be able to have each packet linked back to the conn.log entry (using the uid field).
Currently, I am doing this in HBase, but would rather have Bro do it for me. Is it possible to have Bro create either individual PCAP files for each log entry or a single log file that lists individual packets (presumably with a packet offset in the PCAP file) along with the uid from the conn.log file?
I saw this option in YAF and was hoping it existed in Bro.