[Bro] Notice.log
CS Lee
geek00l at gmail.com
Sun Dec 10 22:25:51 PST 2006
Hey all,
I came across this log recently; it is from notice.log. I'm wondering what
is actually indicated by content gap. Checking the mailing list, I found
Vern talked about it when someone mentioned packet drops. I would like to
know what Content Gap means and the rate (> 1/175) or (> 1/1400).
1158285796.903890:ContentGap:NOTICE_ALARM_ALWAYS::1.2.3.4:59537/tcp:2.3.4.5:80/tcp::::::1.2.3.4/59537> 2.3.4.5/http content gap (> 1/175)::@21
1158285796.976927:ContentGap:NOTICE_ALARM_ALWAYS::1.2.3.4:8286/tcp:3.4.5.6:1983/tcp::::::1.2.3.4/8286> 3.4.5.6/1983 content gap (> 1/1400)::@22
Thanks.
--
Best Regards,
CS Lee<geekooL[at]gmail.com>