[Bro] Bro and scan detection - the new script. And performance.

Seth Hall seth at icir.org
Tue Aug 25 19:52:49 PDT 2015


> On Aug 25, 2015, at 10:16 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
> 
> Are you looking for examples where SumStats doesn't work from the latest
> pull of Bro or a specific version? It's been my experience that it
> depends heavily on the amount of networks configured in local nets.

Ah!  I knew it.  I’d be curious to learn conditions when and why (if we can figure it out) SumStats isn’t working.  SumStats also hasn’t seen massive changes in a while so particular versions shouldn’t make much of a difference.

I’m really curious to figure out why more local nets would cause the issue.  I’m mentally running through all of the cases where sumstats is used to think of places where more data is collected for local hosts.  I’m at a loss right now. :/

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



