[Bro] internal error: unknown msg type 101 in Poll()
Justin Azoff
JAzoff at uamail.albany.edu
Mon Feb 22 13:16:07 PST 2010
On Mon, Feb 22, 2010 at 01:39:45PM -0700, Tyler Schoenke wrote:
> I just tried Seth's suggestions about filtering ContentGap and
> AckAboveHole, and it has been quiet for the last couple hours.
I ran into general load issues when I switched to running a single node
cluster.. I traced it back to the same problem with ContentGap and
AckAboveHole.. I also ignored Weird::WeirdActivity, which helped too.
If I ran capstats on the 'lo' interface, I would see Bro doing about 10mbps and
a few thousand packets/sec for what seemed like no reason. After ignoring
those two event types lo now has under .1 mbps and about 20 packets/sec.
--
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro
mailing list