[Bro] time machine filesize issue

Martin Holste mcholste at gmail.com
Thu Oct 28 14:13:00 PDT 2010


I wanted to make my disk-bound queries faster, so I wanted the fewest
files to search through for tm because it appears that every separate
file makes the interval searches in pcapnav slower if you're
requesting many packets.  I found that when setting filesize > 289g,
tm creates a file per connection and trashes its working directory.
So two questions: am I right in thinking it is faster to search
through as few files as possible when using pcapnav?  And secondly,
does anyone know why tm breaks when trying to create files larger than
289g?

Thanks,

Martin


