[Zeek] Bro -r using multiple PCAP
Otto Fowler
ottobackwards at gmail.com
Thu May 2 06:34:34 PDT 2019
I made a quick github project with the script I had sent David.
https://github.com/ottobackwards/run-bro-pcap-directory
if anyone is interested.
On May 1, 2019 at 00:33:06, David Decker (x.faith at gmail.com) wrote:
Update on the Bro -r using multiple scripts.
I guess I should add that I am needing to break out the logs (either by
PCAP or by, say, day); not sure what is the easiest.
Thanks everyone so far.
Still working out the kinks, I guess.
New to this.
On Mon, Apr 29, 2019 at 1:57 PM David Decker <x.faith at gmail.com> wrote:
> Looking to see if anyone has created a script, or if this is an argument
> to process multiple PCAPS using the bro -r argument.
>
> I have it setup to output to JSON currently and change from EPOCH time to
> normal date/time output, but that is one at a time, and will have multiple.
>
> Looking at either a batch script or maybe Python but wanted to see if
> anyone has done this before.
> (Re-ingest multiple old PCAP files) to get re-ingested.
>
> Dave
>
_______________________________________________
Zeek mailing list
zeek at zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
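For readers landing on this archive page: the following is an added example, written here rather than taken from the thread or from the run-bro-pcap-directory repository linked above. It does what David asked for: it loops over every .pcap in a directory, runs bro -r on each one inside its own output directory (so the logs are broken out per capture and never mix), and switches the ASCII writer to JSON with ISO 8601 timestamps instead of epoch seconds. Assumptions not stated in the thread: the analyzer binary is named by the ZEEK_BIN variable (defaulting to bro, then zeek), and it supports the LogAscii::use_json and LogAscii::json_timestamps redefs, which exist in Bro 2.5+ and in Zeek (Zeek 3+ still loads a .bro file, with a deprecation warning). Grouping by day instead of by capture is then just a matter of naming or collecting the pcap files by day before pointing the script at them.

```shell
#!/bin/sh
# Added example (not the script from the thread or the linked repo): run
# `bro -r` over every .pcap in a directory, writing each capture's logs into
# its own subdirectory so logs from different pcaps never mix.
# Assumptions: the analyzer binary is named by $ZEEK_BIN (default: bro, then
# zeek), and it supports the LogAscii redefs below (Bro 2.5+ / Zeek).
# Usage: run-bro-pcaps.sh <pcap-dir> [out-root]   (out-root defaults to ./bro-logs)
set -e

ZEEK_BIN="${ZEEK_BIN:-bro}"
command -v "$ZEEK_BIN" >/dev/null 2>&1 || ZEEK_BIN=zeek

# Output directory for one capture: <outroot>/<pcap basename without extension>
# e.g. output_dir_for /captures/2019-04-29.pcap /var/bro-logs -> /var/bro-logs/2019-04-29
output_dir_for() {
    base=$(basename "$1")
    printf '%s/%s\n' "$2" "${base%.*}"
}

# Policy file that turns on JSON logging with ISO 8601 timestamps instead of
# epoch seconds (the two settings the thread mentions); written next to the
# logs of every run so each output directory records how it was produced.
write_json_policy() {
    cat > "$1" <<'EOF'
redef LogAscii::use_json = T;
redef LogAscii::json_timestamps = JSON::TS_ISO8601;
EOF
}

# Analyze one pcap. Bro writes its logs into the current directory, so we cd
# into the per-capture directory and hand it an absolute path to the capture.
run_one() {
    pcap="$1"
    outdir=$(output_dir_for "$pcap" "$2")
    mkdir -p "$outdir"
    write_json_policy "$outdir/json-logs.bro"
    abs_pcap="$(cd "$(dirname "$pcap")" && pwd)/$(basename "$pcap")"
    ( cd "$outdir" && "$ZEEK_BIN" -r "$abs_pcap" ./json-logs.bro ) \
        > "$outdir/run.stdout" 2> "$outdir/run.stderr"
    echo "processed $pcap -> $outdir" >&2
}

# Process every .pcap directly under a directory (quietly does nothing when the
# glob matches no files). Prints the number of captures processed.
process_dir() {
    count=0
    for pcap in "$1"/*.pcap; do
        [ -e "$pcap" ] || continue
        run_one "$pcap" "$2"
        count=$((count + 1))
    done
    echo "$count"
}

if [ "$#" -ge 1 ]; then
    n=$(process_dir "$1" "${2:-./bro-logs}")
    echo "processed $n capture(s)"
fi
```

Each capture ends up with its own conn.log, dns.log, etc. plus run.stderr, which is worth checking after a batch: a truncated or corrupt pcap makes bro exit non-zero, and with set -e the script stops at that file instead of silently producing an empty log directory.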