[Bro] Packet loss during log rotation
Damian Gerow
damian.gerow at shopify.com
Tue Sep 23 11:46:14 PDT 2014
On Tue, Sep 23, 2014 at 2:33 PM, Seth Hall <seth at icir.org> wrote:
> > I'm trying to set up a new standalone Bro instance, but I seem to be
> experiencing regular packet loss. The host is processing minimal traffic
> -- always <10Mbps, usually around 2Mbps -- but I've noticed that the packet
> loss almost always occurs at time of log rotation.
>
> Are you running in cluster mode or standalone? If you're running in
> standalone, it's very possible that something is blocking briefly when the
> logs are rotated which could cause a small back up of packets, leading to
> loss.
>
Standalone, as I slowly work towards cluster mode. Is there a single
thread handling both reading packets and disk I/O? Even at 5Mbps, I would
have expected a single thread to be able to keep up with everything, unless
it's waiting for compression.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140923/76d0b3c7/attachment.html
More information about the Bro
mailing list