Hi,
Seems like the timestamp in the bro log file come from the system/wall clock. Is there for bro to force it to use the timestamp in the pcap file? Thanks.
dk
Hello dk,
if you run Bro on a pcap, the timestamp in the logfile actually are driven
by the timestamps in the pcap file.
If you just do, e.g. bro -r [bro source path]/testing/btest/Traces/irc-dcc-send.trace
you will get timestamps from 2011, when that pcap file was generated.
Johanna