[Bro-Dev] bloomfilter_counting_init parameterization ?
asharma at lbl.gov
Tue May 3 00:25:57 PDT 2016
So I am trying to use bloomfilter_counting_init for keeping a count of uniq IPs seen within a subnet and instead of relying on a table or a set, I was toying with an idea of using bloomfilter_counting_init.
However, I am not clear on the parameterization below:
global bloomfilter_counting_init: function(k: count , cells: count , max: count , name: string &default=""): opaque of bloomfilter ;
What should be the length of the cells for storing 65536 IPs ?
Is k=3 a good value or I need something else ? Could someone elaborate on how to decide these parameters.
I looked at /btest/bifs/bloomfilter.bro but not quite clear.
On Mon, Apr 11, 2016 at 08:26:37AM -0700, Matthias Vallentin wrote:
More information about the bro-dev