[Bro] time machine filesize issue
Martin Holste
mcholste at gmail.com
Thu Oct 28 14:13:00 PDT 2010
I wanted to make my disk-bound queries faster, so I wanted the fewest
files to search through for tm because it appears that every separate
file makes the interval searches in pcapnav slower if you're
requesting many packets. I found than when setting filesize > 289g,
tm creates a file per connection and trashes its working directory.
So two questions: am I right in thinking it is faster to search
through as few files as possible when using pcapnav? And secondly,
does anyone know why tm breaks when trying to create files larger than
289g?
Thanks,
Martin
More information about the Bro
mailing list