[Bro] Limiting the number of scripts and log files bro uses ?

Dan Villanti dev25 at cornell.edu
Mon Oct 20 07:00:13 PDT 2014


> You *could* try adding "BroArgs=-b" into broctl.cfg...

We have been using the "BroArgs=-b" configuration parameter for a while.  If you use this option in a cluster setup, be sure to load core frameworks such as cluster, notice, control, etc. in local.bro or you may see some strange things.  You may just want to load all of the frameworks defined in <bro dir>/share/bro/base/init-default.bro and then selectively add desired functionality on top of that.  It took us a little playing around to get all of the dependencies lined up for what we wanted to analyze, but the filtered results and performance increase were worth it.

Dan
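
One way to check the dependency point above, as an added example that is not part of the original message: a shell helper that lists the `base/frameworks` scripts loaded by init-default.bro but missing from a local.bro used with "BroArgs=-b". The function names and the sample files are constructed for illustration, and it assumes frameworks are pulled in with plain `@load base/frameworks/...` lines.

```shell
# Added example: find base frameworks that init-default.bro loads
# but a bare-mode local.bro does not.

framework_loads() {
    # Print the argument of every "@load base/frameworks/..." line, comments stripped.
    sed -e 's/#.*$//' "$1" |
        awk '$1 == "@load" && $2 ~ /^base\/frameworks\// { print $2 }' |
        LC_ALL=C sort -u
}

# Usage: missing_frameworks <init-default.bro> <local.bro>
missing_frameworks() {
    init_default=$1
    local_policy=$2
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 1
    framework_loads "$init_default" > "$tmp_a"
    framework_loads "$local_policy" > "$tmp_b"
    # comm -23 keeps lines that appear only in the first sorted file.
    LC_ALL=C comm -23 "$tmp_a" "$tmp_b" | sed 's/^/@load /'
    rm -f "$tmp_a" "$tmp_b"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for <bro dir>/share/bro/base/init-default.bro
    cat > "$dir/init-default.bro" <<'EOF'
@load base/frameworks/notice
@load base/frameworks/cluster
@load base/frameworks/control
@load base/frameworks/logging  # constructed trailing comment
@load base/protocols/http
EOF
    # Constructed local.bro: cluster is commented out, control is absent
    cat > "$dir/local.bro" <<'EOF'
@load base/frameworks/notice
# @load base/frameworks/cluster
@load base/protocols/dns
EOF
    missing_frameworks "$dir/init-default.bro" "$dir/local.bro"
    rm -rf "$dir"
}

demo
```

The printed `@load` lines can be reviewed and pasted into local.bro before adding the analysis scripts you actually want.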
