[Bro] bro weird.log are very high
seth at icir.org
Thu Aug 7 10:30:12 PDT 2014
On Aug 7, 2014, at 1:22 PM, Zhai, Jim (MGS) <Jim.Zhai at ontario.ca> wrote:
>> You're determining that number from capture-loss.log or something else?
> Yes, we find this from capture-loss.log. It used to be very low. But after the upgrade to 2.3 today, it jumps to 67%.
Hm, some of the TCP handling was rewritten for 2.3. It's possible you're running into edge cases that weren't handled correctly.
Would it be possible for you to privately provide us with some of your conn.log and weird.log files?
International Computer Science Institute
(Bro) because everyone has a network