[Bro] Inconsistent results

Johanna Amann johanna at icir.org
Tue Jul 26 18:18:26 PDT 2016


Hello Ben,

no, there is no reason to expect Bro to give inconsistent output when
running a script on a trace file.

Do you potentially have a minimal example that you can construct where this
happens, either with a small trace, or with one of the traces in the Bro
test suite? Without an example it is a bit hard to guess what exactly
might be going wrong.

Johanna

On Fri, Jul 22, 2016 at 07:25:16PM -0700, Ben Mixon-Baca wrote:
> Is there any reason to expect Bro to give inconsistent output when
> running a script on trace files? I have a script that uses SumStats to
> fire off an observation in the tcp_packet event to save the payload for
> later analysis. I seem to be running into an issue where I count a
> smaller number of observed tcp_packet events than I should actually be
> seeing.
> 
> 
> -- 
> Ben
> 



