[Bro] SHA256 Hash File Analyzer

Shawn Homan shawn.homan at gmail.com
Thu Feb 11 15:39:20 PST 2016


Thanks for the information. I have it turned on in my offline system, but
not sure how to measure performance.

On Thu, Feb 11, 2016 at 10:40 AM, Seth Hall <seth at icir.org> wrote:

>
> > On Feb 10, 2016, at 4:55 PM, Shawn Homan <shawn.homan at gmail.com> wrote:
> >
> > I was wondering if anyone can tell me why the sha256 hash functionality
> isn't turned on by default for the files log.
> >
> > I am working on something and needed to turn it on. I normally only use
> Bro to process pcap files offline and have never used it on a live network.
> >
> > Does it cause performance issues?
>
> When I was setting the default behavior a few years ago, I did some very
> weak testing and noticed that if I had md5 and sha1 turned on, the
> performance impact was ~1%, but it jumped up somewhere between 3-4% when I
> enabled SHA256.  That measurement should be revisited sometime soon though
> and perhaps even better measurements done to see if that performance impact
> is still there.
>
> Generally though, there is nothing in place which is stopping you from
> enabling SHA256 file hashes.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160211/95055aa1/attachment.html 


More information about the Bro mailing list