[Bro] SumStats framework

Xu Zhang zhangxu1115 at gmail.com
Thu Jul 13 09:42:56 PDT 2017


Hi,

I'm using the SumStats framework to record features in the SSL handshake
packets. There are lots of features (30+) I need to record and I created a
reducer for each feature. In the SumStats::create(), I check if
"feature_x" in result, and record result["feature_x"]$num. However, the
SumStats::create function looks absurdly long. My question is: is it more
efficient to break up the current SumStats::create function into multiple
ones (each having only one reducer), or is it better to keep the code I
currently have? Which one is faster?

Thanks a lot!

-- 
Sincerely,
Xu Zhang