[Bro-Dev] Bro + real-time question
anthony kasza
anthony.kasza at gmail.com
Tue Sep 30 10:08:10 PDT 2014
There are tons of incredibly useful features in Bro. Its always interesting
to see the research papers those features came from. I'm referring to table
expiring attributes in this case.
Its also interesting to read that connection timers are only disabled at
connection state removal. Are they periodically removed similar to hash
table resizing in figure 3? In any case, it's smart that their removal
comes second to packet processing.
-AK
On Sep 30, 2014 9:17 AM, "Vern Paxson" <vern at icir.org> wrote:
> > ... but if my quick skim is correct, this paper is where the old
> > load-level.bro script came from, right?
>
> Yes, basically. That paper documents a bunch of our experiences, including
> load-level. I think we wound up being torn between the need for it versus
> the notion "if you need it, what you really need is a bigger cluster".
>
> Vern
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20140930/c91142f8/attachment.html
More information about the bro-dev
mailing list