[Bro] trouble of running multiple bro instances

john Y yjohn9691 at gmail.com
Mon Aug 27 08:40:56 PDT 2018


Hello all!

I am facing a lot of network traffic saved in pcaps and need to parse
them very fast.
I tried using broctl but unfortunately it could not use all of the
computer's hardware.
So, I am running a script which invokes a lot of bro instances, one for each
pcap.
I am using my own bro script which depends on the bro http log and conn log
files.
Because each instance writes its logs to the same folder, they run over each
other.
Creating a directory for each instance is too complex and not dynamic
enough.

Can you offer something better?
Maybe there is a way to make each instance save its logs to a different dir?
My invocation looks something like this:
"   bro -C -r pcap_path bro_script_path   "
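Added example, not part of the original post: Bro writes its logs into the current working directory, so the collision described above goes away when each instance is started from inside its own freshly created directory. The names run_one, run_all, abs_path, BRO_BIN and the bro.* marker files are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; run_one, run_all, abs_path, BRO_BIN and the bro.* file names
# are hypothetical. Bro writes logs into its current working directory, so
# each instance is started from inside a freshly created directory.

# Print an absolute path so the file stays reachable after cd.
abs_path() (
    cd "$(dirname "$1")" && printf '%s/%s\n' "$(pwd)" "$(basename "$1")"
)

# run_one PCAP SCRIPT OUT_ROOT: one bro instance in its own log directory.
run_one() (
    pcap=$(abs_path "$1") || exit 1
    script=$(abs_path "$2") || exit 1
    mkdir -p "$3" || exit 1
    name=$(basename "$pcap")
    # mktemp -d picks a unique name even when two pcaps share a basename
    # or several instances start at the same moment.
    dir=$(mktemp -d "$3/${name%.*}.XXXXXX") || exit 1
    cd "$dir" || exit 1
    status=0
    "${BRO_BIN:-bro}" -C -r "$pcap" "$script" >bro.stdout 2>bro.stderr || status=$?
    # Record which capture produced these logs and how bro exited.
    printf '%s\n' "$pcap" >bro.source
    printf '%s\n' "$status" >bro.exit
    exit "$status"
)

# run_all PCAP_DIR SCRIPT OUT_ROOT [JOBS]: process every *.pcap, JOBS at a time.
run_all() {
    running=0
    for p in "$1"/*.pcap; do
        [ -e "$p" ] || continue
        run_one "$p" "$2" "$3" &
        running=$((running + 1))
        if [ "$running" -ge "${4:-4}" ]; then
            wait            # batch is full: let it drain before starting more
            running=0
        fi
    done
    wait
}

# Stand-alone use: sh this_file.sh PCAP_DIR SCRIPT OUT_ROOT [JOBS]
[ "$#" -lt 3 ] || run_all "$@"
```

Each output directory then holds that capture's own conn.log and http.log, and bro.source maps the directory back to the pcap it came from.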

