[Bro] feeding bro cluster with parameters without restarting it

william de ping bill.de.ping at gmail.com
Sat Mar 4 23:44:10 PST 2017


Hi and thank you for your answers !

By slow I mean that writing to a file on a remote machine will have network
and IO (read and write) strains.
I suppose having something like ZeroMQ or some syslog messaging framework
will be more efficient.

On my case, I have a file that is being updated with 3+ lines per sec (each
line has 3 fields). This file is being mapped to a table
(&create_expire=10min).
Upon a new connection I check if orig_h is in this table and assign a field
accordingly.
I see that many orig_h's are not recognized even though they exist in the
file.

Seth, can you please address me to a branch that includes this
reconfigurable bro framework ?

thanks again
B



On Thu, Mar 2, 2017 at 5:33 PM, Johanna Amann <johanna at icir.org> wrote:

> Indeed, I was also going to ask that. We did some performance measurements
> when we first wrote it - and it actually is quite fast. There only is a
> relatively low amount of components between the input reader and it storing
> things in a table; I cannot be 100% sure, but I doubt that other ingestion
> methods can be much faster. (I actually doubt that they will be faster at
> all).
>
> Johanna
>
>
> On 2 Mar 2017, at 7:27, Azoff, Justin S wrote:
>
> On Mar 2, 2017, at 4:33 AM, william de ping <bill.de.ping at gmail.com>
>>> wrote:
>>>
>>> The thing is that the INPUT framework (STREAM) and generally reading
>>> from files is relatively slow.
>>>
>>
>> What exactly do you mean by relatively slow?  How large are these tables
>> that you are reading?
>>
>> --
>> - Justin Azoff
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170305/979e7ff6/attachment.html 


More information about the Bro mailing list