generating bro report from packet capture

mel · August 16, 2007, 9:56am

Hi,

I want to generate bro reports from tcpdump packet capture files. Those files were captured from different networks. So:

bro -r file.pcap will generate generate log files:

alarm.log
conn.log
notice.log
weird.log

When I run site-report.pl, I get

No connection data found for the time period specified.
Unable to create a report.

What does this error mean? Note that the packet capture files maybe several days old.

--mel

Jean-Philippe_Luigg2 · August 17, 2007, 4:00am

Hello,

The message is saying that Bro is unable to find something to said regarding
the time range. It uses the date taken from the pcap's file and so the various logs.

The script "site-report.pl" uses (by default) :

Topic		Replies	Views
Empty reports!! Zeek	4	71	May 6, 2022
Store PCAP logs Zeek	4	88	May 6, 2022
about logs Zeek	1	64	May 6, 2022
Capturing the raw trace... Zeek	7	117	May 6, 2022
Bro on other Packet Trace Dumps. Zeek	13	90	May 6, 2022

generating bro report from packet capture

Related topics