[Bro] trouble of running multiple bro instances
Johanna Amann
johanna at icir.org
Mon Aug 27 08:55:47 PDT 2018
Hi John,
The typical solution for this is to write a short shell script wrapper
that is invoked, instead of invoking Bro directly. That script can
create the folders and put Bro in the correct folder to which the log
files should be written.
The script can be as easy as

    #!/bin/bash
    # $1: pcap name without the .pcap extension
    mkdir -p "$1"
    pushd "$1" || exit 1
    bro -r "/path/to/pcaps/$1.pcap"

Or similar.
On 27 Aug 2018, at 8:40, john Y wrote:
> Hello all!
>
> I am faced with a lot of network traffic saved in pcaps and need to parse
> them very fast.
> I tried using broctl but unfortunately it could not use all computer
> hardware.
> So, I am running a script which invokes a lot of bro instances, one for each
> pcap.
> I am using my own bro script which depends on the bro http log and conn log
> files.
> Because each instance writes its logs to the same folder, they run over each
> other.
> Creating a directory for each instance is too complex and not dynamic
> enough.
>
> Can you offer something better?
> Maybe there is a way to make each instance save its logs to a different
> dir?
> My invocation looks something like this:
> " bro -C -r pcap_path bro_script_path "
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
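
Added example (not part of the original thread and not code from the Bro project): the wrapper idea from the reply, extended to fan out over a whole directory of pcaps with a bounded number of concurrent Bro processes, each writing into its own log directory. The function name process_all, the BRO_BIN variable and the bro.stdout/bro.stderr file names are assumptions of this sketch; it relies on find -print0 and xargs -0/-P as found in GNU and BSD userland.

```sh
#!/bin/sh
# Added example: one Bro process per pcap, each in its own log directory.
# process_all, BRO_BIN and the bro.stdout/bro.stderr names are assumptions
# of this sketch, not part of Bro.

BRO_BIN=${BRO_BIN:-bro}   # override to point at a specific bro binary
export BRO_BIN

# process_all PCAP_DIR OUT_ROOT JOBS [BRO_SCRIPT...]
# Runs at most JOBS Bro instances at once over PCAP_DIR/*.pcap. Logs for
# foo.pcap land in OUT_ROOT/foo/, so conn.log, http.log etc. from different
# instances never overwrite each other. Pass Bro scripts as absolute paths:
# each instance changes directory before it starts.
# Returns non-zero if any instance failed (xargs exits 123 in that case).
process_all() (
    pcap_dir=$1
    out_root=$2
    jobs=$3
    shift 3
    find "$pcap_dir" -maxdepth 1 -type f -name '*.pcap' -print0 |
        xargs -0 -P "$jobs" -I{} sh -c '
            pcap=$(readlink -f -- "$1") || exit 1   # absolute: we cd below
            dir=$2/$(basename -- "$pcap" .pcap)
            shift 2
            mkdir -p -- "$dir" && cd -- "$dir" || exit 1
            # -C (ignore checksums) and -r are taken from the original post.
            exec "$BRO_BIN" -C -r "$pcap" "$@" >bro.stdout 2>bro.stderr
        ' sh {} "$out_root" "$@"
)

# Stand-alone use: ./run_pcaps.sh /data/pcaps /data/logs 8 /abs/path/my.bro
if [ "$#" -ge 3 ]; then
    process_all "$@"
fi
```

A JOBS value near the number of CPU cores is a reasonable starting point, since each Bro instance reading a pcap is largely single-threaded.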