[Bro] Logging and memory leak
Azoff, Justin S
jazoff at illinois.edu
Wed Feb 1 08:29:26 PST 2017
> On Jan 31, 2017, at 7:36 PM, Hovsep Levi <hovsep.sanjay.levi at gmail.com> wrote:
>
> No, both are disabled.
>
Do you have any other custom scripts loaded that are using sumstats?
With a dedicated logger process the manager doesn't really do anything other than sumstats.
Look in your cluster-layout.bro to see what port your manager process is assigned. With 4 loggers I'd imagine it is around 47765/tcp.
Then, run this command on the manager, on the interface that it talks to workers:
tcpdump -n -i em1 port 47765 -A | egrep -io '[A-Za-z_:-]{10,}'
That will output the names of the events that are bouncing between the workers and the manager.
And see what you see. It SHOULD be almost nothing, maybe a trickle of events.
--
- Justin Azoff
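
Added example, not part of the original message: a tally of the names that the tcpdump pipeline above emits, so that one event dominating manager traffic stands out from the expected trickle. The function names, the threshold argument and the Example:: event names in the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Count candidate event names in `tcpdump -A` text read from stdin.
# The pattern is the one from the egrep in the message; grep -E is the
# non-deprecated spelling of egrep.
tally_events() {
    grep -Eio '[A-Za-z_:-]{10,}' | sort | uniq -c | sort -k1,1nr -k2
}

# Print only the names seen at least $1 times (default 100).
noisy_events() {
    tally_events | awk -v min="${1:-100}" '$1 >= min { print $2 }'
}

# Constructed sample of `tcpdump -n -A` output (hypothetical event names).
sample_capture() {
cat <<'EOF'
08:29:26.100001 IP 10.0.0.11.51234 > 10.0.0.1.47765: Flags [P.], seq 1:61, ack 1, win 229, length 60
E..p..@.@.......Example::flood_event......
08:29:26.100207 IP 10.0.0.12.51300 > 10.0.0.1.47765: Flags [P.], seq 1:61, ack 1, win 229, length 60
E..p..@.@.......Example::flood_event......
08:29:26.100411 IP 10.0.0.11.51234 > 10.0.0.1.47765: Flags [P.], seq 61:121, ack 1, win 229, length 60
E..p..@.@.......Example::flood_event......
08:29:26.100630 IP 10.0.0.13.51410 > 10.0.0.1.47765: Flags [P.], seq 1:61, ack 1, win 229, length 60
E..p..@.@.......Example::flood_event......
08:29:27.500000 IP 10.0.0.12.51300 > 10.0.0.1.47765: Flags [P.], seq 61:120, ack 1, win 229, length 59
E..o..@.@.......Example::rare_event.......
EOF
}

# Stand-alone run: show the tally for the constructed sample.
sample_capture | tally_events
```

On a live manager, pipe a bounded capture into it instead of the sample, for example the tcpdump command above with -c added to stop after a fixed number of packets.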