[Bro] [bro] Custom log file

M. Aaron Bossert mabossert at gmail.com
Fri Apr 21 09:19:51 PDT 2017


Sorry, forgot to add the [bro] in the subject line...

Sent from my iPhone

Begin forwarded message:

> From: "M. Aaron Bossert" <mabossert at gmail.com>
> Date: April 21, 2017 at 12:15:44 EDT
> To: bro at bro.org
> Subject: Custom log file
> 
> I am using bro 2.5 to process PCAP dumps and am storing both the raw PCAP and the bro logs in HBase.  I already have an acceptable pipeline for getting both bro logs and PCAP into HBase, but I want to be able to have each packet linked back to the conn.log entry (using the uid field).
> 
> Currently, I am doing this in HBase, but would rather have bro do it for me.  Is it possible to have bro create either individual PCAP files for each log entry or a single log file that listed individual packets (presumably with a packet offset in the PCAP file) along with the uid from the conn.log file?
> 
> I saw this option in YAF and was hoping it existed in bro.
> 
> Sent from my iPhone