I would like to take some action on a connection before it is written to conn.log. I added some code to the event Conn::log_conn and it works as intended when running through pcaps. However, when I try to run the script live on a network interface, it appears that log_conn is not getting called until I hit ctrl-c… Is there another event I need to use??
Thanks in advance,
Jereme