[Bro] Brocontrol revisited

James Lay jlay at slave-tothe-box.net
Mon Aug 4 08:10:10 PDT 2014


On 2014-08-04 08:51, Siwek, Jon wrote:
> On Aug 3, 2014, at 6:44 AM, James Lay <jlay at slave-tothe-box.net> wrote:
>
>> I like brocontrol's ease of use and auto-reports, but not at the
>> cost of an additional bro process that eats 15% CPU usage.  Any
>> explanation for this?  Thank you.
>
> Even in standalone mode, BroControl currently will have Bro listen
> for remote connections as some functionality of BroControl depends on
> that.  Bro will fork a process to do the listening which is the
> additional bro process.  The communication between parent, child, and
> peers uses somewhat suboptimal I/O loops that rely on small timeouts
> which can be the reason for the extra CPU usage.  From what I
> understand, the reason for it being that way is historical (i.e.
> there were reasons for doing it that way on older systems).  I don’t
> know of any way to work around it at this time, but improving/fixing
> the underlying problem is on the roadmap.
>
> - Jon

Thanks a bunch Jon...that's a great response that really helps my 
understanding.

James


