Next: Modifying Bro policy, Previous: Specifying policy scripts, Up: Running Bro
There are two ways to run Bro on network traffic: on traffic captured
live by the network interface(s), and on traffic previously recorded
using the -w
flag of tcpdump
or Bro itself.