[Bro] Dropped Packets too much (jiahui zhao)
Robert Cotter
Robert.Cotter at endace.com
Tue Nov 20 18:17:06 PST 2018
I would suggest doing some reading on Bro clustering going a little deeper on your 'lb' configuration.
Not knowing what the data/packet rates you are attempting to process but in my experience asking a single process thread to do more than 300 Mb is going to ensure you get packet drops.
Below is part of my node.cfg for a 500Mb complex network data test lab setup I am currently running hosted in Centos KVM so I can learn/test some of the DNS/SSL scripting features.
[worker-1]
type=worker
host=localhost
#Interface=dag0
lb_procs=4
lb_method=interfaces
lb_interfaces=dag0,dag1,dag2,dag3
pin_cpus=4,5,6,7
Hope this helps you.
Regards
Robert Cotter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181121/d49c33d5/attachment.html
More information about the Bro
mailing list