[Bro] bro weird.log are very high
seth at icir.org
Thu Aug 7 08:41:49 PDT 2014
On Aug 7, 2014, at 11:17 AM, Zhai, Jim (MGS) <Jim.Zhai at ontario.ca> wrote:
> Just wondering why weird.log are very high volume. There is a lot of “possible_split_routing” in weird.log. How to get rid of this issue?
It's very possible that you have split routing on your network. In other words, you might only be seeing one direction of traffic because the other direction of traffic is going on a route that you aren't seeing (another router for example).
Are you loading the misc/capture-loss.bro script? It's possible that could be caused by a high degree of packet loss as well.
International Computer Science Institute
(Bro) because everyone has a network
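
Added example, not part of the original message or of Bro itself: a small Python triage script that measures how much of weird.log is "possible_split_routing" and which originator subnets those entries concentrate on, which helps locate the segment whose return path the sensor is not seeing. It assumes the default tab-separated Bro 2.x weird.log layout with a `#fields` header containing `name` and `id.orig_h`; the sample records are constructed.

```python
import io
import ipaddress
import sys
from collections import Counter

# Constructed sample in Bro's tab-separated log layout (not data from this thread).
SAMPLE = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tname\taddl\tnotice\tpeer",
    "1407425001.0\tCa1\t10.1.1.5\t40000\t192.0.2.10\t80\tpossible_split_routing\t-\tF\tbro",
    "1407425002.0\tCa2\t10.1.1.7\t40001\t192.0.2.10\t443\tpossible_split_routing\t-\tF\tbro",
    "1407425003.0\tCa3\t10.1.1.9\t40002\t198.51.100.4\t80\tpossible_split_routing\t-\tF\tbro",
    "1407425004.0\tCa4\t10.2.2.9\t40003\t192.0.2.10\t80\tpossible_split_routing\t-\tF\tbro",
    "1407425005.0\tCa5\t10.2.2.9\t53000\t192.0.2.53\t53\tdns_unmatched_reply\t-\tF\tbro",
    "1407425006.0\tCa6\t10.3.3.3\t40004\t192.0.2.10\t80\tdata_before_established\t-\tF\tbro",
]) + "\n"

def read_bro_log(stream):
    """Yield one dict per record, taking column names from the '#fields' header."""
    fields = None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def subnet(addr):
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) network."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def summarize(stream, weird="possible_split_routing"):
    """Return (count per weird name, count of `weird` per originator subnet, share of `weird`)."""
    by_name, by_subnet = Counter(), Counter()
    for rec in read_bro_log(stream):
        by_name[rec["name"]] += 1
        if rec["name"] == weird:
            by_subnet[subnet(rec["id.orig_h"])] += 1
    total = sum(by_name.values())
    return by_name, by_subnet, (by_name[weird] / total if total else 0.0)

if __name__ == "__main__":
    # Pass a weird.log path as the first argument; without one the constructed sample is used.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else io.StringIO(SAMPLE)
    names, subnets, share = summarize(src)
    print(f"possible_split_routing share of weird.log: {share:.0%}")
    for net, n in subnets.most_common(10):
        print(f"{n:8d}  {net}")
```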