[Bro] Capture Loss

Arash Fallah af7 at umbc.edu
Tue Mar 7 07:34:23 PST 2017


I'm running Bro in a clustered configuration using PF_RING to have 8
separate workers on one box. Additionally, I have commented out almost
everything in the default local.bro to run Bro as efficiently as
possible. Together, these 8 workers are using less than 20% of total CPU
capacity.

However, we are experiencing capture loss consistently in the 50% range,
even though CPUs are idle 80% of the time on average.

Does anyone have any experience with this? I would greatly appreciate the
help.