[Bro] Bro performance issues
Seth Hall
seth at icir.org
Mon Oct 31 07:35:30 PDT 2011
On Oct 31, 2011, at 10:15 AM, Tomer Teller wrote:
> However, I can't surround it with an if statement so I cannot check peer_description.
>
> Any suggestions?
Sorry about that...
event bro_init()
    {
    # Each worker keeps one half of the IPv4 traffic, split on the parity of
    # (source address + destination address).
    if ( peer_description == "worker-1" )
        restrict_filters += table(["capture even src/dest pairs only"] = "(ip[12:4] + ip[16:4]) & 1 == 0");
    if ( peer_description == "worker-2" )
        restrict_filters += table(["capture odd src/dest pairs only"] = "(ip[12:4] + ip[16:4]) & 1 == 1");
    }
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
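
Added example, not part of the original message: a Python emulation of the two filter expressions above. It shows that both directions of a flow reach the same worker, that a 32-bit overflow of the address sum does not change the split, and that non-IPv4 packets match neither filter. The sample addresses, the helper names, and the version-nibble check (standing in for BPF's link-layer IPv4 test) are assumptions.

```python
import socket
import struct

def ipv4_header(src, dst):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def worker_for(packet):
    """Emulate both restrict_filters; return the worker that keeps the packet."""
    # ip[...] only matches IPv4. The version nibble stands in for the
    # link-layer check BPF performs (assumption of this example).
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None  # neither filter accepts it, so no worker sees it
    src, dst = struct.unpack("!II", packet[12:20])  # ip[12:4], ip[16:4]
    total = (src + dst) & 0xFFFFFFFF                # BPF arithmetic is 32-bit
    return "worker-1" if total & 1 == 0 else "worker-2"

SAMPLE_FLOWS = [  # constructed address pairs from documentation ranges
    ("192.0.2.10", "198.51.100.7"),
    ("192.0.2.11", "198.51.100.7"),
    ("203.0.113.5", "192.0.2.10"),
    ("255.255.255.255", "0.0.0.1"),  # sum overflows 32 bits
]

def assign(flows):
    """Map each flow to (worker for src->dst, worker for dst->src)."""
    return {(s, d): (worker_for(ipv4_header(s, d)),
                     worker_for(ipv4_header(d, s)))
            for s, d in flows}

if __name__ == "__main__":
    for flow, (fwd, rev) in assign(SAMPLE_FLOWS).items():
        print(flow, "forward:", fwd, "reverse:", rev)
    # A header with version 6 is dropped by both filters.
    print("IPv6 header ->", worker_for(bytes([0x60]) + bytes(39)))
```

Because the sum is symmetric in source and destination, each worker sees complete bidirectional flows; traffic that is not IPv4 is seen by neither worker under these two filters.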