Dear Great Researchers,
When I tried to do a Bro offline test, I just got many ***.log files about
dos dump, normal dump, and so on.
However, when I tried to do that in real-time mode, I could get various
alerts about real-time packets.
Could you let me know how I can obtain more realistic Bro alert results in
offline analysis?
Thx.
Have a great weekend with Bro!!!
Best Regards,
Taeshik
Hi,
> Dear Great Researchers,
> When I tried to do a Bro offline test, I just got many ***.log files about
> dos dump, normal dump, and so on.
> However, when I tried to do that in real-time mode, I could get various
> alerts about real-time packets.
> Could you let me know how I can obtain more realistic Bro alert results in
> offline analysis?
there is absolutely no difference between using trace files (I presume
that's what you mean by "offline") and real traffic in the output
generated by Bro. What you get as output when reading in trace files is
exactly the same you'd get if you had seen those packets on a live
network.
Cheers,
Christian.