[Bro] Netmap plugin issue

Seth Hall seth at icir.org
Tue Feb 14 08:49:55 PST 2017


> On Feb 12, 2017, at 4:15 AM, Dave Crawford <bro at pingtrip.com> wrote:
> 
> I also noticed that Andy’s LB output is slightly different. His displays the free buffers as “overflow_queue_size” where my output is “free_buffer_slots”.

Those are different lb log lines.  The lines with overflow_queue_size are regarding the output pipes that send packets off the Bro (or other) processes.  The line that has free_buffer_slots is regarding the interface being sniffed and it means that those are buffers (each buffer holds a single packet) that can be used if a pipe isn't being flushed quickly enough.  If you have free buffers and packets begin to get backed up, the free_buffer_slots number on the physical interface will begin to go down and the overflow_queue_size on the pipe or pipes getting backed up will begin to rise.

I'm planning on writing a more extensive guide on all of this soon.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the Bro mailing list