[Bro] problem with two specific workers
erik clark
philosnef at gmail.com
Fri Sep 30 06:16:09 PDT 2016
On second thought, I am getting in excess of 1.1 Mpps. According to Robin's
paper here,
https://www.sans.org/reading-room/whitepapers/intrusion/open-source-ids-high-performance-shootout-35772,
I should be able to process about 880 kpps with 24 workers.
However, I have 20 workers and 400 gigs of ram. When I move the workers up
to 24, my box gets crushed with a load of 20, up from a load of 13-15, and
I drop even more packets on the floor. Is the only way out of this to stand
up another box and try to use broctrl to load balance between those systems?
On Fri, Sep 30, 2016 at 7:47 AM, erik clark <philosnef at gmail.com> wrote:
> I have two workers that are constantly pegged at dropping 50% of the
> packets I am processing. It is always the same two workers. This is on bro
> 2.4.1, so I don't have misc-stats (yet). Is there a way I can troubleshoot
> why I have problems with these two workers?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160930/ffa255fc/attachment.html
More information about the Bro
mailing list