[Bro] Question on cutting down on number of conn.log entries
Espresso Beanies
espressobeanies at gmail.com
Wed Mar 8 11:11:05 PST 2017
Hi,
I'm realizing my conn.log is eating up most of my performance and I'm
trying to cut down the number of times Bro makes a duplicate entry in the
conn.log file. I don't necessarily need to see the same simultaneous
traffic from a specific set of IP addresses and I'm trying to see if
there's a way to exempt them or at least cut down on the number of times
they are entered in my conn.log. Does anyone have any recommendations? I'm
also trying to do it in a way that also cuts down on my CPU performance if
possible.
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170308/fc797043/attachment.html
More information about the Bro
mailing list