[Bro] feeding bro cluster with parameters without restarting it
johanna at icir.org
Thu Mar 2 07:33:28 PST 2017
Indeed, I was also going to ask that. We did some performance
measurements when we first wrote it - and it actually is quite fast.
There only is a relatively low amount of components between the input
reader and it storing things in a table; I cannot be 100% sure, but I
doubt that other ingestion methods can be much faster. (I actually doubt
that they will be faster at all).
On 2 Mar 2017, at 7:27, Azoff, Justin S wrote:
>> On Mar 2, 2017, at 4:33 AM, william de ping <bill.de.ping at gmail.com>
>> The thing is that the INPUT framework (STREAM) and generally reading
>> from files is relatively slow.
> What exactly do you mean by relatively slow? How large are these
> tables that you are reading?
> - Justin Azoff
> Bro mailing list
> bro at bro-ids.org
More information about the Bro