[Bro] RE : Re: Emerging Threats signatures on Bro ids ?
Gilbert Clark
gc355804 at ohio.edu
Mon Aug 13 11:26:10 PDT 2012
Hi:
You might try obtaining a few rather large traces and running bro
against those traces with '-r'. Record how long it takes to process
these traces both without the changes you've made and with the changes
you've made. The difference in these two times might give you a rough
idea of how your modifications impact bro's performance (given observed
traffic similar to that of the analyzed trace).
--Gilbert
On 8/13/2012 12:38 PM, rmkml at yahoo.fr wrote:
> Hi Seth,
> I don't have quick internet access, only a *dsl access.
> This is why I need feedback please.
> Anyone tested please?
> What's the performance impact? (only 33 sigs)
> Regards
> Rmkml
>
> Seth Hall wrote:
>
> On Aug 12, 2012, at 7:01 PM, rmkml <rmkml at yahoo.fr> wrote:
>
> > I'm always interested if you have comments/feedback/flame/performance/FP/FN please.
>
>
> Have you tried running Bro on live traffic with this script? I looked
> through it briefly and it seems like it would severely impact performance.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
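
The comparison Gilbert describes above, as an added example that is not part of the original thread: it times `bro -r` on one trace with and without an extra script and reports the relative overhead. The trace and script paths are placeholders passed as arguments; repeating each run and taking the median is an assumption of this sketch.

```shell
#!/bin/sh

# Wall-clock time in ms; falls back to whole seconds if date lacks %N.
now_ms() {
    t=$(date +%s%N)
    case "$t" in
        *[!0-9]*) echo "$(( $(date +%s) * 1000 ))" ;;
        *)        echo "$(( $t / 1000000 ))" ;;
    esac
}

# Run a command, print elapsed ms; fail if the command itself fails.
elapsed_ms() {
    start=$(now_ms)
    "$@" >/dev/null 2>&1 || return 1
    end=$(now_ms)
    echo "$(( end - start ))"
}

# Median (lower middle for even counts) of the numbers on stdin.
median_of() {
    sort -n | awk '{ v[NR] = $1 } END { print v[int((NR + 1) / 2)] }'
}

# median_ms RUNS CMD...: repeat to smooth out disk-cache and scheduler noise.
median_ms() {
    runs=$1; shift
    samples=""; i=0
    while [ "$i" -lt "$runs" ]; do
        ms=$(elapsed_ms "$@") || return 1
        samples="$samples$ms
"
        i=$((i + 1))
    done
    printf '%s' "$samples" | median_of
}

# Percent slowdown of MOD relative to BASE (negative means faster).
overhead_pct() {
    [ "$1" -gt 0 ] || return 1
    awk -v b="$1" -v m="$2" 'BEGIN { printf "%.1f\n", (m - b) * 100 / b }'
}

# Usage: sh bench.sh TRACE.pcap SCRIPT.bro [RUNS]   (file names are placeholders)
if [ "$#" -ge 2 ]; then
    base=$(median_ms "${3:-3}" bro -r "$1") || { echo "baseline failed" >&2; exit 1; }
    mod=$(median_ms "${3:-3}" bro -r "$1" "$2") || { echo "modified run failed" >&2; exit 1; }
    echo "baseline ${base} ms, with script ${mod} ms, overhead $(overhead_pct "$base" "$mod")%"
fi
```

Run it from a scratch directory, since bro writes its log files into the current directory on every pass.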