Hi all,
I have an issue with processing multiple pcap files in bro.
Due to the fact that loading all of bro’s scripts and infrastructure is a time consuming task,
processing each pcap file takes longer than it should.
Is there any way that a bro cluster could be up and running and have it’s workers process the pcap files ?
btw, it needs to be a pcap file and not live capture using tcpreplay for transmitting them because of time issues (some sessions might be very long and bro will process the pcap file faster than retransmitting the same pcap file).
If anyone can think of a better way to accomplish it, I am free for offers 
Thanks,
Bill