[Zeek] Write in realtime packets captured by Bro

Carlos Lopez clopmz at outlook.com
Wed Jan 23 06:06:03 PST 2019


Hi all,

I am reading Bro's docs about how to write a pcap file with Bro. According to the docs, passing the "-w" switch to bro via the BroArgs option will write a tcpdump file. That is perfect for what I am looking for, but is it possible to rotate this tcpdump file and remove it based on disk space and number of files?

Regards,
C. L. Martinez


