[Bro] SumStats framework

anthony kasza anthony.kasza at gmail.com
Thu Jul 13 14:40:34 PDT 2017


Hi Xu,

Can you share the script you've written?

-AK

On Jul 13, 2017 10:52 AM, "Xu Zhang" <zhangxu1115 at gmail.com> wrote:

> Hi,
>
> I'm using the SumStats framework to record features in the SSL handshake
> packets. There are lots of features (30+) I need to record and I created a
> reducer for each feature. In the SumStats::create(), I check if
> "feature_x" in result, and record result["feature_x"]$num. However, the
> SumStats::create function looks absurdly long. My question is: is it more
> efficient to break up the current SumStats::create function into multiple
> (each having only one reducer), or is it better to keep the code I currently
> have? Which one is faster?
>
> Thanks a lot!
>
> --
> Sincerely,
> Xu Zhang