[Bro] ActiveHTTP
Dave Crawford
bro at pingtrip.com
Mon Jan 30 13:44:27 PST 2017
> On Jan 30, 2017, at 3:21 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
>
> $ time bro --pseudo-realtime -r
> Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2012-03.pcap b.bro
> [code=302, msg=Found\x0d, body=...]
> 1485807420.620682 received termination signal
>
> real 1m0.583s
> user 0m26.229s
> sys 0m34.185s
>
> Without "--pseudo-realtime" it seems to hang for me, too. Have you tried
> using it?
>
> Jan
Thanks Jan! So the --pseudo-realtime option did the trick. I had similar results on Debian as you:
real 1m0.579s
user 0m31.236s
sys 0m29.344s
And similar results on macOS:
real 1m0.568s
user 0m13.238s
sys 0m47.192s
I at least now have a comfort level to continue writing my script (my production Bro boxes are Debian).
-Dave