[Bro] high cpu usage and strange select(2) behavior

Seth Hall seth at icir.org
Fri Feb 10 06:16:52 PST 2012


On Feb 10, 2012, at 6:24 AM, Stephane Chazelas wrote:

> But the reason I asked was because I thought it was a
> configuration problem of mine, because I found it abnormal for
> bro to use that much CPU when idle, and thought that could
> explain the alerts about dropped packets where the other IDSes
> are fine.


The high overhead is due to the Bro communication loop. If you run in standalone mode (or just manually run a Bro process without loading frameworks/communication/listen.bro) you won't see the high CPU load.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




