[Bro] bro werid.log are very high

Seth Hall seth at icir.org
Thu Aug 7 10:17:35 PDT 2014

On Aug 7, 2014, at 11:50 AM, Zhai, Jim (MGS) <Jim.Zhai at ontario.ca> wrote:

> Thanks Seth. We do have very high loss degree loss as well, over 60%.

You're determining that number from capture-loss.log or something else?

> We use the bridge-utils to bridge two interface eth1 and eth2 which does split the traffic.

Did you mean that it merges the traffic?

> We recently upgrade bro from 2.2 to 2.3 The capture loss used to be very low on 2.2. But the wried.log remain the same.  Just wondering if software bridge setting works in this situation?

Yeah, that should work fine.  It sounds like you might want to come up with a solution to your packet loss first.  Unfortunately I can't give you an answer without knowing more about your network and what your deploy looks like.  In most cases, 2.3 should actually be more efficient than 2.2.  There was some work done around identifying some major inefficiencies and addressing them.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140807/1cce2940/attachment.bin 

More information about the Bro mailing list