[Bro] feeding bro cluster with parameters without restarting it

william de ping bill.de.ping at gmail.com
Mon Mar 6 03:42:23 PST 2017


Well, it's hard to provide you with this information.

As a process, writing to a remote file and reading from that remote file
into a Bro table is not the most efficient way to perform such a task.

I do see events that have recognized their orig_h as part of the updated
table, but they are very infrequent.

Thanks

On Sun, Mar 5, 2017 at 7:10 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:

>
> > On Mar 5, 2017, at 2:44 AM, william de ping <bill.de.ping at gmail.com> wrote:
> >
> > In my case, I have a file that is being updated with 3+ lines per sec
> > (each line has 3 fields). This file is being mapped to a table
> > (&create_expire=10min).
> > Upon a new connection I check if orig_h is in this table and assign a
> > field accordingly.
> > I see that many orig_h's are not recognized even though they exist in
> > the file.
>
> What is the time difference between when the file is updated and the table
> is checked?
>
> --
> - Justin Azoff
>
>