[Bro] Is there a way to intentionally delay Bro's reading of trace file for something else to finish first?

Ren, Wenyu wren3 at illinois.edu
Mon Oct 9 15:10:39 PDT 2017


Hello all,

I have recently been using pybroker to feed some event data to my Python program. I use auto_event to do that and read traffic from a pcap file. However, it takes some time for the broker to establish the connection with my Python program, but the processing of the traffic starts immediately. As a result, the first part of the traffic is always missing in my Python program. The following is how I set up the connection and utilize auto_event. I am wondering if there is a way to intentionally delay Bro's processing of the pcap file so that the connection can be established before Bro starts to process the traffic.

event bro_init() &priority=5
{
    Broker::enable();
    Broker::connect("127.0.0.1", broker_port, 1sec);
    Broker::auto_event("bro/event/packet_get", FlowLevel::packet_get);
    Broker::auto_event("bro/event/data_get", DataLevel::data_get);
}

Any help is appreciated. Thanks a lot.

Best,
Wenyu


Wenyu Ren
Ph.D. Candidate
Department of Computer Science
University of Illinois at Urbana-Champaign
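
Added example, not part of the original message: one way to hold back trace processing until the Broker peering is up is to call Bro's built-in suspend_processing() in bro_init and continue_processing() once Broker reports the outgoing connection as established. It assumes the Bro 2.5 Broker API used in the post; the port value is a constructed placeholder, and FlowLevel::packet_get and DataLevel::data_get are the poster's own events, defined in scripts not shown here.

```bro
# Assumed value: the post does not show how broker_port is defined.
const broker_port: port = 9999/tcp &redef;

event bro_init() &priority=5
	{
	# Stop packet processing before the first packet of the trace is
	# handled; no traffic events are raised while suspended.
	suspend_processing();

	Broker::enable();
	Broker::connect("127.0.0.1", broker_port, 1sec);
	Broker::auto_event("bro/event/packet_get", FlowLevel::packet_get);
	Broker::auto_event("bro/event/data_get", DataLevel::data_get);
	}

# Raised once the outgoing connection requested by Broker::connect()
# has completed its handshake with the Python side.
event Broker::outgoing_connection_established(peer_address: string,
                                              peer_port: port,
                                              peer_name: string)
	{
	print fmt("Broker peer %s:%s (%s) connected, starting trace",
	          peer_address, peer_port, peer_name);

	# Resume reading the pcap now that events have somewhere to go.
	continue_processing();
	}
```

If the Python listener is never started, processing stays suspended and Bro does not read the trace, so the listener has to be up before Bro is launched.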


