[Bro] huge weird.log/conn.log

Azoff, Justin S jazoff at illinois.edu
Thu Dec 1 09:48:31 PST 2016


> On Dec 1, 2016, at 11:24 AM, erik clark <philosnef at gmail.com> wrote:
> 
> Hmm. I note that I am actually, in a given hour, getting 25-30% less logs from http.log.
> 
> Are there any guides to tuning Bro to work with af_packet?
> 
Step 1: ensure that you can use af_packet in the first place:

https://github.com/JustinAzoff/can-i-use-afpacket-fanout/

It looks like your current setup is not working.

-- 
- Justin Azoff






More information about the Bro mailing list