[Bro-Dev] #816: Reworked PacketFilter framework

Bro Tracker bro at tracker.bro-ids.org
Thu May 3 14:10:52 PDT 2012

#816: Reworked PacketFilter framework
  Reporter:  seth           |      Owner:
      Type:  Merge Request  |     Status:  new
  Priority:  Normal         |  Milestone:  Bro2.1
 Component:  Bro            |    Version:  git/master
Resolution:                 |   Keywords:

Comment (by seth):

 > This sets ``const stats_collection_interval = 5min``. That sounds quite
 > long an interval to report drops?

 It's completely normal on deployed clusters to have small amounts of
 packet loss, at least that has been my experience.  Increasing the delay
 was to reduce the volume of these notices.  Large clusters were creating
 multiple notices per worker per minute which just looks kind of sloppy
 when you search through notices.

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/816#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list