[Bro] Dropped Packets
Will Havlovick
will.havlovick at zenimax.com
Thu Jan 12 11:00:22 PST 2012
Hi all,
I recently upgraded 3 standalone Bro nodes. 2 of them are Ubuntu and one of them is CentOS 6.2.
On the 2 Ubuntu 11.10 boxes I have a lot of dropped packets in the notice.log
---
PacketFilter::Dropped_Packets 476 packets dropped after filtering, 52258 received, 52258 on link
PacketFilter::Dropped_Packets 4914 packets dropped after filtering, 52785 received, 52785 on link
PacketFilter::Dropped_Packets 3061 packets dropped after filtering, 35701 received, 35702 on link
PacketFilter::Dropped_Packets 3371 packets dropped after filtering, 30573 received, 30591 on link
---
broctl netstats
bro: 1326394056.309957 recvd=958721774 dropped=67351350 link=1026073125
I then tried to add this line to the broctl.cfg from http://comments.gmane.org/gmane.comp.security.detection.bro/4146
broargs = -l 9800
Which does not appear to be part of the final release and did not work.
The CentOS box is dropping packets, but not the amounts that the 2 Ubuntu boxes are.
Is there a way to reduce the amount of dropped packets?
Also, I can provide more data if necessary.
Thank you in advance,
Will
More information about the Bro
mailing list