[Bro-Dev] [JIRA] (BIT-1215) bro-cut should be rewritten in C for speed and to not depend on gawk
Daniel Thayer (JIRA)
jira at bro-tracker.atlassian.net
Wed Jul 9 22:15:07 PDT 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17102#comment-17102 ]
Daniel Thayer commented on BIT-1215:
------------------------------------
Branch topic/dnthayer/ticket1215 in bro and bro-aux repos contains
the new bro-cut, and a couple of doc changes (remove gawk from
list of optional Bro dependencies, and update btest sphinx PATH so that
the documentation examples that use bro-cut can find the new bro-cut).
> bro-cut should be rewritten in C for speed and to not depend on gawk
> --------------------------------------------------------------------
>
> Key: BIT-1215
> URL: https://bro-tracker.atlassian.net/browse/BIT-1215
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro, bro-aux
> Reporter: Daniel Thayer
> Fix For: 2.4
>
>
> The current implementation of bro-cut is too slow when processing large log files (takes more than a minute to process a single log file a few hundred MB in size). Justin Azoff rewrote bro-cut in C and found that it runs an order of magnitude faster. Another benefit of a C version of bro-cut is that we will no longer depend on gawk for anything (and some of Bro's supported platforms do not include gawk by default).
--
This message was sent by Atlassian JIRA
(v6.3-OD-08-005-WN#6328)
More information about the bro-dev
mailing list