[Bro] huge weird.log/conn.log

erik clark philosnef at gmail.com
Thu Dec 1 05:47:02 PST 2016


I have two bro sensors. One is running 2.5, one is running 2.4.1. Both are
running on the same link off the tap.

The weird.log on the 2.5 box is 6 times bigger than the weird.log on the
2.4.1 box. Any idea why this might be? How can I troubleshoot this?

My conn.log is 3 times bigger. For reference:

conn.log -> 2.5 (45 minutes) 17 gig
conn.log -> 2.4.1 (45 min) 5.5 gig

weird.log -> 2.5 (45 minutes) 11 gig
weird.log -> 2.4.1 (45 minutes) 1.2 gig

These numbers seem to be WAY off. I have no idea how to even try to parse
this to see what is going on.

Packet loss on 2.4.1 is 6%
Packet loss on 2.5 is 1%.
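The usual first step with logs of this size is to find out which values of one field account for the growth: for weird.log that is the `name` column, for conn.log typically `proto`, `service` or `conn_state`. The script below is an added example, not code from this post or from the Bro project. It reads each log's `#fields` header instead of assuming column positions, counts one field, and ranks the values by how much they differ between the two sensors. The two sample weird.log excerpts, the `constructed_weird_log` helper that builds them, and the weird names and addresses in them are constructed for illustration; the field layout follows Bro's default ASCII weird.log.

```python
"""Compare the value distribution of one field between two Bro ASCII logs.

Added example, not code from the mailing-list post or from Bro. It reads the
#fields header of each log (so it never assumes column positions), counts the
values of a chosen field, and ranks the values by how much they differ between
the two sensors. The sample logs are constructed here, not real captures.
"""
from collections import Counter
from typing import Dict, Iterator, List, Tuple


def read_bro_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data row of a Bro ASCII (tab-separated) log.

    Column names come from the '#fields' header line; every other '#' line
    (#separator, #types, #open, #close, ...) is metadata and is skipped.
    """
    fields = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("line %d: data row before #fields header" % lineno)
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("line %d: expected %d columns, got %d"
                             % (lineno, len(fields), len(values)))
        yield dict(zip(fields, values))


def count_field(text: str, field: str) -> Counter:
    """Count how often each value of `field` occurs (e.g. weird.log 'name')."""
    return Counter(row[field] for row in read_bro_log(text))


def compare_field(old: str, new: str, field: str) -> List[Tuple[str, int, int, int]]:
    """Return (value, count_old, count_new, delta) rows, largest |delta| first."""
    c_old, c_new = count_field(old, field), count_field(new, field)
    rows = [(v, c_old[v], c_new[v], c_new[v] - c_old[v])
            for v in set(c_old) | set(c_new)]
    rows.sort(key=lambda r: (-abs(r[3]), r[0]))  # ties broken by name
    return rows


def report(old: str, new: str, field: str,
           old_label: str = "old", new_label: str = "new") -> str:
    """Render compare_field() as an aligned text table."""
    lines = ["%-28s %8s %8s %8s" % (field, old_label, new_label, "delta")]
    for value, a, b, d in compare_field(old, new, field):
        lines.append("%-28s %8d %8d %+8d" % (value, a, b, d))
    return "\n".join(lines)


def constructed_weird_log(names: List[str]) -> str:
    """Build a constructed weird.log in Bro's ASCII writer layout.

    Only the header and the 'name' column matter; uids, addresses and ports
    are dummy values (constructed sample data, not sensor output).
    """
    header = [
        "#separator \\x09",
        "#set_separator\t,",
        "#empty_field\t(empty)",
        "#unset_field\t-",
        "#path\tweird",
        "#open\t2016-12-01-05-00-00",
        "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
        "\tname\taddl\tnotice\tpeer",
        "#types\ttime\tstring\taddr\tport\taddr\tport"
        "\tstring\tstring\tbool\tstring",
    ]
    rows = []
    for i, name in enumerate(names):
        rows.append("\t".join([
            "%.6f" % (1480592822 + i), "-", "10.0.0.1", str(40000 + i),
            "10.0.0.2", "80", name, "-", "F", "worker-1",
        ]))
    return "\n".join(header + rows + ["#close\t2016-12-01-05-47-02"]) + "\n"


# Constructed excerpts standing in for the two sensors (not the poster's data).
SENSOR_241 = constructed_weird_log(
    ["bad_TCP_checksum", "data_before_established", "dns_unmatched_msg"])
SENSOR_25 = constructed_weird_log(
    ["bad_TCP_checksum"] * 4 + ["data_before_established", "unknown_protocol"])

if __name__ == "__main__":
    print(report(SENSOR_241, SENSOR_25, "name", "2.4.1", "2.5"))
```

Against real files this is `report(open("weird-2.4.1.log").read(), open("weird-2.5.log").read(), "name", "2.4.1", "2.5")`, and the same call on the two conn.log files with `proto`, `service` or `conn_state` shows where the conn.log growth sits. The one-liner Bro ships for the same count is `bro-cut name < weird.log | sort | uniq -c | sort -rn | head`. A single weird name dominating the delta is the thing to look at first; and since the two sensors report different packet loss on the same tap, some difference between their logs is expected, so the question is which values carry the excess, not whether the totals match.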