I would like to implement full pcap logging with Bro and have found Time
Machine, however, I know very little of it other than seeing it
referenced as a parameter in a brotcl document written by Robin Sommer.
I've seen some slides by rsommer and have looked through the time
machine archives but haven't found anything helpful. Does anyone have a
doc they can share or can point me to a document (for beginners) for
interfacing time machine with Bro?