[Bro] feeding bro cluster with parameters without restarting it
Johanna Amann
johanna at icir.org
Thu Mar 2 07:33:28 PST 2017
Indeed, I was also going to ask that. We did some performance
measurements when we first wrote it - and it actually is quite fast.
There only is a relatively low amount of components between the input
reader and it storing things in a table; I cannot be 100% sure, but I
doubt that other ingestion methods can be much faster. (I actually doubt
that they will be faster at all).
Johanna
On 2 Mar 2017, at 7:27, Azoff, Justin S wrote:
>> On Mar 2, 2017, at 4:33 AM, william de ping <bill.de.ping at gmail.com>
>> wrote:
>>
>> The thing is that the INPUT framework (STREAM) and generally reading
>> from files is relatively slow.
>
> What exactly do you mean by relatively slow? How large are these
> tables that you are reading?
>
> --
> - Justin Azoff
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list