[Bro] connecting to bro with broccoli

daniel nagar dngr7512 at gmail.com
Tue Sep 2 01:38:58 PDT 2014 

>
> Why are you sending so much data by the way?  You may have approached the
> problem with a suboptimal design

I'm extracting information about HTTP requests/responses going through the
network and I'm using an external database to save some of that data so I
couldn't just use Bro scripting so using broccoli was a nice solution at
that time. If you have any suggestions how I could implement my application
without using broccoli It'd be great.

There is already major overhaul of Bro's communication system underway

Is there a place I can find more information about that?


Another problem I had is that I tried upgrading to Bro 2.3 but I couldn't
receive any event through broccoli like I was receiving with Bro 2.2 no
matter what configuration I was using on the bro client side, should have I
enabled it on the Bro side somehow?



On Tue, Sep 2, 2014 at 6:15 AM, Seth Hall <seth at icir.org> wrote:

>
> On Aug 31, 2014, at 2:31 PM, daniel nagar <dngr7512 at gmail.com> wrote:
>
> > I was sending out many HTTP requests which causes raising of many events
> per request/response
>
> Generally, I wouldn't recommend sending around protocol based events.
> Sending anything with a connection record that needs serialized and
> deserialized is probably not a good idea.
>
> Why are you sending so much data by the way?  You may have approached the
> problem with a suboptimal design.
>
> > I've figured out the memory expansion problem, it seems that the
> "ChunkQueue" in "ChunkedIO" does not have a limit and I was sending events
> at higher speeds than my broccoli client could process so the queue just
> kept growing.
>
> I was sort of curious if that's what was going on.  Nice to have an answer
> to that. :)
>
> > This is a temporary fix in my opinion, a more robust communication
> framework is needed such as using an external queue (such as ActiveMQ /
> ZeroMQ) for transferring events/chunks.
>
> There is already major overhaul of Bro's communication system underway.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140902/e7b7e94f/attachment.html

More information about the Bro mailing list