[Bro] feeding bro cluster with parameters without restarting it

Azoff, Justin S jazoff at illinois.edu
Sun Mar 5 09:10:09 PST 2017


> On Mar 5, 2017, at 2:44 AM, william de ping <bill.de.ping at gmail.com> wrote:
> 
> In my case, I have a file that is being updated with 3+ lines per sec (each line has 3 fields). This file is being mapped to a table (&create_expire=10min).
> Upon a new connection I check if orig_h is in this table and assign a field accordingly.
> I see that many orig_h's are not recognized even though they exist in the file.

What is the time difference between when the file is updated and the table is checked?

-- 
- Justin Azoff



