[Bro-Dev] [JIRA] (BIT-1215) bro-cut should be rewritten for speed and to not depend on gawk

Daniel Thayer (JIRA) jira at bro-tracker.atlassian.net
Wed Jul 30 09:58:07 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300#comment-17300 ] 

Daniel Thayer commented on BIT-1215:
------------------------------------

In branch topic/dnthayer/ticket1215, I've made the following changes:

1) bro-cut now handles time conversion for multiple time columns in a log file (and there is a new test case),
2) bro-cut no longer has a hard-coded limit on the number of columns that it can handle,
3) all tests now pass on OS X (previously, some were failing due to strftime("%z") behavior on OS X).


> bro-cut should be rewritten for speed and to not depend on gawk
> ---------------------------------------------------------------
>
>                 Key: BIT-1215
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1215
>             Project: Bro Issue Tracker
>          Issue Type: Improvement
>          Components: Bro, bro-aux
>            Reporter: Daniel Thayer
>            Assignee: Daniel Thayer
>             Fix For: 2.4
>
>
> The current implementation of bro-cut is too slow when processing large log files (takes more than a minute to process a single log file a few hundred MB in size).  Justin Azoff rewrote bro-cut in C and found that it runs an order of magnitude faster.  Another benefit of a C version of bro-cut is that we will no longer depend on gawk for anything (and some of Bro's supported platforms do not include gawk by default).


