Capture bulk traces with Bro.

I have read some of Bro's docs and a script named start-capture-all is pointed to as a method to help capture
bulk traces with Bro. However, that script is not present in the Bro-1.5.1 distribution as far as I know. So, was the function
it was supposed to do transferred to broctl?
Right now, what is the better method to capture bulk traces for offline analysis (not using tcpdump), just
using Bro?

Thanks.

There is a command line argument for it...
     -w|--writefile <writefile> | write to given tcpdump file

Why are you interested in using Bro for capturing your bulk traces? It seems like it would make more sense to stick with something like Time Machine[1], tcpdump, or DaemonLogger[2].

   .Seth

1. http://www.net.t-labs.tu-berlin.de/research/tm/
2. http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html

Seth Hall wrote:

> I have read some of Bro's docs and a script named start-capture-all
> is pointed to as a method to help capture
> bulk traces with Bro. However, that script is not present in the Bro-1.5.1
> distribution as far as I know. So, was the function
> it was supposed to do transferred to broctl?
> Right now, what is the better method to capture bulk traces for
> offline analysis (not using tcpdump), just
> using Bro?
>
> There is a command line argument for it...
>      -w|--writefile <writefile> | write to given tcpdump file
>
> Why are you interested in using Bro for capturing your bulk traces?
> It seems like it would make more sense to stick with something like
> Time Machine[1], tcpdump, or DaemonLogger[2].

tshark is also useful for captures...

http://www.wireshark.org/docs/man-pages/tshark.html