[Bro] File extraction after checking hash.

Seth Hall seth at icir.org
Tue Oct 4 07:39:35 PDT 2016


> On Oct 4, 2016, at 10:33 AM, erik clark <philosnef at gmail.com> wrote:
> 
> Hm, good point. Is there somewhere in the analysis framework where you can say, if a file is above x bytes, kill the analysis process? I ask, because I see this as somewhat related to the GridFTP problem at LBL. If we have large tarballs or zip files or whatever crossing the wire,

Yeah, I've been thinking about this problem for a while and I might take a stab at addressing it in 2.6 (although there will be loads of caveats!).

> killing those off at say, a 5 gig point or so, seems reasonable. As you mentioned that is quite a lot of memory being consumed by extraction. :/


Now what if you have 20 5 gig transfers going on concurrently? :)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



