Hello,
I know that I can easily run bro from the CLI with a .pcap file and
then analyze the logs it generates. However, what I need is to use the
Bro API (preferrably Python) to _open_ the pcap file and generate the
logs. Is this possible?
Thanks a lot in advance.
I’m not a core developer, but I can pretty much guarantee the API doesn’t support that. Reading pcaps is generally regarded as a testing mechanism, not part of a production architecture. For those folks where reading pcaps is a hard requirement, they usually end up building something around tcpreplay.
-Dop