I've just started to investigate bro here. I'd like to use it for real
time network monitoring, and an obvious (to me) question is: How quickly
is an event (say, a TCP session finishing the normal way) logged? How can
I control this?
I assume I might have to turn off stdio buffering to be able to see such
events right away. Are there other knobs to adjust?
Steinar Haug, Nethelp consulting, sthaug(a)nethelp.no
Show replies by date