[Bro-Dev] #816: Reworked PacketFilter framework
Bro Tracker
bro at tracker.bro-ids.org
Sat May 5 14:45:24 PDT 2012
#816: Reworked PacketFilter framework
----------------------------+------------------------
Reporter: seth | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------------+------------------------
Comment (by robin):
Replying to [comment:1 seth]:
> It's completely normal on deployed clusters to have small amounts of
packet loss, at least that has been my experience. Increasing the delay
was to reduce the volume of these notices. Large clusters were creating
multiple notices per worker per minute which just looks kind of sloppy
when you search through notices.
My concern is that with a large interval, it will take a while until drops
are reported the *first* time. If I just start Bro up on the command line,
I won't notice for 5 min whether I'm putting to much load on. I suggest we
either leave the default small and increase it in local.bro instead, or we
at least use something smaller than 5min; perhaps 30s or 1m.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/816#comment:3>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list