[Bro] Netmap plugin issue
seth at icir.org
Tue Feb 14 08:49:55 PST 2017
> On Feb 12, 2017, at 4:15 AM, Dave Crawford <bro at pingtrip.com> wrote:
> I also noticed that Andy’s LB output is slightly different. His displays the free buffers as “overflow_queue_size” where my output is “free_buffer_slots”.
Those are different lb log lines. The lines with overflow_queue_size are regarding the output pipes that send packets off the Bro (or other) processes. The line that has free_buffer_slots is regarding the interface being sniffed and it means that those are buffers (each buffer holds a single packet) that can be used if a pipe isn't being flushed quickly enough. If you have free buffers and packets begin to get backed up, the free_buffer_slots number on the physical interface will begin to go down and the overflow_queue_size on the pipe or pipes getting backed up will begin to rise.
I'm planning on writing a more extensive guide on all of this soon.
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro