[Zeek] Write in realtime packets captured by Bro
Seth Hall
seth at corelight.com
Wed Jan 23 10:03:05 PST 2019
On 23 Jan 2019, at 9:06, Carlos Lopez wrote:
> I am reading Bro's docs about how to write pcap file by Bro.
> According to docs, passing "-w" switch to bro via BroArgs options,
> will write a tcpdump file. That is perfect for what I am looking for,
> but: is it possible to rotate this tcpdump's file and remove it based
> on disk space and number of files?
Unfortunately that hasn't been implemented yet.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Zeek
mailing list