[Bro] huge weird.log/conn.log

Azoff, Justin S jazoff at illinois.edu
Thu Dec 1 09:48:31 PST 2016

> On Dec 1, 2016, at 11:24 AM, erik clark <philosnef at gmail.com> wrote:
> Hmm. I note that I am actually, in a given hour, getting 25-30% less logs from http.log.
> Are there any guides to tuning Bro to work with af_packet?
Step 1: ensure that you can use af_packet in the first place:


It looks like your current setup is not working.

- Justin Azoff

More information about the Bro mailing list