[Zeek] Bro -r using multiple PCAP
David Decker
x.faith at gmail.com
Mon Apr 29 13:57:58 PDT 2019
Looking to see if anyone has created a script, or if this is an argument to
process multiple PCAPs using the bro -r argument.
I have it set up to output to JSON currently and change from EPOCH time to
normal date/time output, but that is one at a time, and will have
multiple.
Looking at either a batch script or maybe Python but wanted to see if
anyone has done this before.
(Reingest multiple old PCAP files) to get re-ingested.
Dave