[Zeek] Write in realtime packets captured by Bro

Seth Hall seth at corelight.com
Wed Jan 23 10:03:05 PST 2019



On 23 Jan 2019, at 9:06, Carlos Lopez wrote:

> I am reading Bro's docs about how to write a pcap file with Bro.
> According to the docs, passing the "-w" switch to bro via BroArgs options
> will write a tcpdump file. That is perfect for what I am looking for,
> but: is it possible to rotate this tcpdump file and remove it based
> on disk space and number of files?

Unfortunately that hasn't been implemented yet.

   .Seth

--
Seth Hall * Corelight, Inc * www.corelight.com

