[Bro] bro werid.log are very high
seth at icir.org
Thu Aug 7 10:17:35 PDT 2014
On Aug 7, 2014, at 11:50 AM, Zhai, Jim (MGS) <Jim.Zhai at ontario.ca> wrote:
> Thanks Seth. We do have very high loss degree loss as well, over 60%.
You're determining that number from capture-loss.log or something else?
> We use the bridge-utils to bridge two interface eth1 and eth2 which does split the traffic.
Did you mean that it merges the traffic?
> We recently upgrade bro from 2.2 to 2.3 The capture loss used to be very low on 2.2. But the wried.log remain the same. Just wondering if software bridge setting works in this situation?
Yeah, that should work fine. It sounds like you might want to come up with a solution to your packet loss first. Unfortunately I can't give you an answer without knowing more about your network and what your deploy looks like. In most cases, 2.3 should actually be more efficient than 2.2. There was some work done around identifying some major inefficiencies and addressing them.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140807/1cce2940/attachment.bin
More information about the Bro