[Bro] feeding bro cluster with parameters without restarting it
william de ping
bill.de.ping at gmail.com
Mon Mar 6 03:42:23 PST 2017
Well, its hard to provide you with this information
As a process, writing to a remote file and reading from that remote file
into a bro table, it is not the most efficient way to perform such a task.
I do see events that have recognized their orig_h as part of the updated
table, but they are very infrequent.
On Sun, Mar 5, 2017 at 7:10 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> > On Mar 5, 2017, at 2:44 AM, william de ping <bill.de.ping at gmail.com>
> > On my case, I have a file that is being updated with 3+ lines per sec
> (each line has 3 fields). This file is being mapped to a table
> > Upon a new connection I check if orig_h is in this table and assign a
> field accordingly.
> > I see that many orig_h's are not recognized even though they exist in
> the file.
> What is the time difference between when the file is updated and the table
> is checked?
> - Justin Azoff
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro