[Bro] Bro performance issues

Tomer Teller djteller at gmail.com
Mon Oct 31 09:39:20 PDT 2011


event bro_init()
       {
       if ( peer_description == "worker-1" )
               restrict_filters += table(["capture even src/dest pairs only"] = "(ip[12:4] + ip[16:4]) & 1 == 0");
       if ( peer_description == "worker-2" )
               restrict_filters += table(["capture even src/dest pairs only"] = "(ip[12:4] + ip[16:4]) & 1 == 1");
       }

Is causing the following error:

line 58 (restrict_filters += table(capture even src/dest pairs only =
(ip[12:4] + ip[16:4]) & 1 == 0)): error, *requires two arithmetic or two
string operands*




On Mon, Oct 31, 2011 at 4:35 PM, Seth Hall <seth at icir.org> wrote:

>
> On Oct 31, 2011, at 10:15 AM, Tomer Teller wrote:
>
> > However, I can't surround it with an if statement so I cannot check peer_description.
> >
> > Any suggestions?
>
> Sorry about that...
>
> event bro_init()
>        {
>        if ( peer_description == "worker-1" )
>                restrict_filters += table(["capture even src/dest pairs only"] = "(ip[12:4] + ip[16:4]) & 1 == 0");
>        if ( peer_description == "worker-2" )
>                restrict_filters += table(["capture even src/dest pairs only"] = "(ip[12:4] + ip[16:4]) & 1 == 1");
>        }
>
>  .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>
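
Added example (not part of the original thread, and not Bro code): a Python model of the two BPF expressions in the script above, showing that the parity test sends both directions of a connection to the same worker and that 32-bit overflow of the address sum does not change the result. The function names and the sample addresses are constructed for illustration.

```python
import socket
import struct


def ipv4_header(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parity(header: bytes) -> int:
    """Evaluate (ip[12:4] + ip[16:4]) & 1 with 32-bit unsigned arithmetic, as BPF does."""
    src, dst = struct.unpack_from("!II", header, 12)  # bytes 12-15 and 16-19
    return ((src + dst) & 0xFFFFFFFF) & 1


def worker_for(header: bytes) -> str:
    """worker-1 carries the '== 0' filter, worker-2 the '== 1' filter."""
    return "worker-1" if parity(header) == 0 else "worker-2"


# Constructed flows using documentation address ranges, not captured traffic.
FLOWS = [
    ("192.0.2.10", "198.51.100.20"),
    ("192.0.2.11", "198.51.100.20"),
    ("255.255.255.255", "192.0.2.1"),  # sum overflows 32 bits
]


def assignments():
    """Return (a, b, worker for a->b, worker for b->a) for each sample flow."""
    out = []
    for a, b in FLOWS:
        fwd = worker_for(ipv4_header(a, b))
        rev = worker_for(ipv4_header(b, a))
        out.append((a, b, fwd, rev))
    return out


if __name__ == "__main__":
    for a, b, fwd, rev in assignments():
        print(f"{a} <-> {b}: forward={fwd} reverse={rev}")
```

Because addition is commutative, the forward and reverse packets of a connection always produce the same parity, so each worker sees complete connections; how evenly the load splits depends on the address mix of the monitored traffic.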