Reading pcaps offline continuously with Zeek 3.2.2

Hi all,

Is it possible to read and process a pcap directory offline with Zeek version 3.2.2? Is there some option to analyze a directory in which several pcaps are stored?

The easiest way I came up with is a bash script that iteratively runs zeek on every pcap and copies the log files to another destination to avoid overwriting.
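
The per-pcap loop described in the message above, as an added example that is not part of the original thread. It runs Zeek from inside a separate log directory for each capture instead of copying logs afterwards; the names `process_pcap_dir` and `ZEEK_BIN`, the `.logs` suffix and the `.pcap`/`.pcapng` extensions are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: run Zeek offline over every pcap in a directory, with one
# log directory per capture so a later run never overwrites earlier logs.
# ZEEK_BIN is an assumption of this example (defaults to "zeek" on PATH).
ZEEK_BIN="${ZEEK_BIN:-zeek}"

# process_pcap_dir PCAP_DIR OUT_DIR
# Returns 0 if every capture was handled, 1 if any Zeek run failed,
# 2 on a bad argument or when the directory holds no captures.
process_pcap_dir() {
    local pcap_dir="$1" out_root="$2"
    local pcap name dest failed=0 seen=0

    [ -d "$pcap_dir" ] || { echo "not a directory: $pcap_dir" >&2; return 2; }
    # Absolute paths are needed because zeek is started from inside each log dir.
    pcap_dir="$(cd "$pcap_dir" && pwd)" || return 2
    mkdir -p "$out_root" || return 2
    out_root="$(cd "$out_root" && pwd)" || return 2

    for pcap in "$pcap_dir"/*.pcap "$pcap_dir"/*.pcapng; do
        [ -f "$pcap" ] || continue       # an unmatched glob stays literal; skip it
        seen=$((seen + 1))
        name="$(basename "$pcap")"
        dest="$out_root/$name.logs"      # extension kept: a.pcap and a.pcapng stay apart
        if [ -e "$dest" ]; then
            # Already processed on an earlier run, so repeated runs only pick up new files.
            echo "skip $name: $dest already exists" >&2
            continue
        fi
        mkdir -p "$dest" || { failed=1; continue; }
        # Zeek writes its logs into the current directory, so run it from $dest.
        # A failed run leaves $dest in place for inspection; delete it to retry.
        if ! ( cd "$dest" && "$ZEEK_BIN" -r "$pcap" ); then
            echo "zeek failed on $name" >&2
            failed=1
        fi
    done

    [ "$seen" -gt 0 ] || { echo "no pcaps in $pcap_dir" >&2; return 2; }
    return "$failed"
}

# Run only when called with arguments, e.g.: ./zeek_dir.sh /data/pcaps /data/logs
if [ "$#" -ge 2 ]; then
    process_pcap_dir "$1" "$2"
fi
```
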

We are dealing with traffic in real time. Pcap packages are not saved. Copying log files is fine, but I want the child nodes to share the traffic.

Federico Foschini <undicizeri@gmail.com> wrote on Tue, Oct 27, 2020 at 7:56 PM: