[Bro] huge weird.log/conn.log
Azoff, Justin S
jazoff at illinois.edu
Thu Dec 1 09:48:31 PST 2016
> On Dec 1, 2016, at 11:24 AM, erik clark <philosnef at gmail.com> wrote:
>
> Hmm. I note that I am actually, in a given hour, getting 25-30% less logs from http.log.
>
> Are there any guides to tuning Bro to work with af_packet?
>
Step 1: ensure that you can use af_packet in the first place:
https://github.com/JustinAzoff/can-i-use-afpacket-fanout/
It looks like your current setup is not working.
--
- Justin Azoff
More information about the Bro
mailing list