[Bro] high cpu usage and strange select(2) behavior
Seth Hall
seth at icir.org
Fri Feb 10 06:16:52 PST 2012
On Feb 10, 2012, at 6:24 AM, Stephane Chazelas wrote:
> But the reason I asked was because I thought it was a
> configuration problem of mine, because I found it abnormal for
> bro to use that much CPU when idle, and thought that could
> explain the alerts about dropped packets where the other IDSes
> are fine.
The high overhead is due to the Bro communication loop. If you run in standalone mode (or just manually run a Bro process without loading frameworks/communication/listen.bro) you won't see the high cpu load.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list