[Bro-Dev] Enable DPD per default in 1.6?
Adam J. Slagell
slagell at ncsa.illinois.edu
Mon Jan 24 12:53:58 PST 2011
On Jan 24, 2011, at 2:50 PM, Seth Hall wrote:
> On Jan 24, 2011, at 3:32 PM, Robin Sommer wrote:
>> There's a further advantage to doing (2): it would eliminate one of
>> the most common mistakes: not realizing that Bro's filter doesn't
>> include what one wants to analyze. With a default-all filter, Bro
>> does what one would intuitively expect, and changing the filter to
>> be more restrictive could be filed under "performance tuning".
> I like the idea. The common case seems to have become running with DPD enabled anyway. It would be one less thing for most people to have to configure as soon as they do the install. All as long as the filtering system gets some documentation. :)
Definitely a change to highlight in the INSTALL file and the FAQ page on the web. I imagine some people will be wondering why it slowed down for them on a 1.6 update because of that change. If this change isn't very clear, then they could just give up on 1.6.