[Bro] bro werid.log are very high
Seth Hall
seth at icir.org
Thu Aug 7 10:30:12 PDT 2014
On Aug 7, 2014, at 1:22 PM, Zhai, Jim (MGS) <Jim.Zhai at ontario.ca> wrote:
>> You're determining that number from capture-loss.log or something else?
> Yes, we find this from capture-loss.log. It used to be very low. But after upgrade 2.3 today, it jumps to 67%
Hm, some of the TCP handling was rewritten for 2.3. It's possible you're running into edge cases that weren't handled correctly.
Would it be possible for you to privately provide us with some of your conn.log and weird.log files?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140807/69414d0c/attachment.bin
More information about the Bro
mailing list