[Bro] SumStats framework
zhangxu1115 at gmail.com
Thu Jul 13 09:42:56 PDT 2017
I'm using the SumStats framework to record features in the SSL handshake
packets. There are lots of features (30+) I need to record and I created a
reducer for each feature. In SumStats::create(), I check if
"feature_x" is in result, and record result["feature_x"]$num. However, the
SumStats::create function looks absurdly long. My question is: is it more
efficient to break up the current SumStats::create function into multiple
ones (each having only one reducer), or is it better to keep the code I currently
have? Which one is faster?
Thanks a lot!