[Bro] Question on cutting down on number of conn.log entries
Azoff, Justin S
jazoff at illinois.edu
Wed Mar 8 13:47:09 PST 2017
Ok.. if you are seeing the exact same connection repeated multiple times that would point to an issue with your deployment.
Are you running multiple bro workers using lb_procs? If you run multiple workers but the load balancing is not functioning properly, you'll see multiple entries as you described.
--
- Justin Azoff
> On Mar 8, 2017, at 4:40 PM, Espresso Beanies <espressobeanies at gmail.com> wrote:
>
> Yep
>
> On Wed, Mar 8, 2017 at 2:22 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
>
> > On Mar 8, 2017, at 2:11 PM, Espresso Beanies <espressobeanies at gmail.com> wrote:
> >
> > Hi,
> >
> > I'm realizing my conn.log is eating up most of my performance and I'm trying to cut down the number of times Bro makes a duplicate entry in the conn.log file.
>
> What do you mean by duplicate entries? Are you seeing the same exact connection(same 5 tuple) logged multiple times?
>
> --
> - Justin Azoff
>
>
>
More information about the Bro
mailing list