[Bro] Dropped Packets too much (jiahui zhao) (Robert Cotter)

jiahui zhao zhaojiahui555 at gmail.com
Wed Nov 21 22:50:34 PST 2018 

@Robert Cotter  Thank you for your reply !
 I try the solution you given , but i didn't work.

Maybe it's the pf_ring that causes the problem.
When i used tcpdump, i finded  the same problem of Dropped Packets.
Runtime environment:
 NIC is Broadcom Corporation NetXtreme BCM5720 Gigabit Ethernet PCIe
 pf_ring version is 7.1.0
 bro 2.5.5
 linux:centos


<bro-request at bro.org> :

> Send Bro mailing list submissions to
>         bro at bro.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> or, via email, send a message with subject or body 'help' to
>         bro-request at bro.org
>
> You can reach the person managing the list at
>         bro-owner at bro.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Bro digest..."
>
>
> Today's Topics:
>
>    1. Re: Dropped Packets too much (jiahui zhao) (Robert Cotter)
>    2. Disable Log Stream but not the analyzers (Alex Kefallonitis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 21 Nov 2018 02:17:06 +0000
> From: Robert Cotter <Robert.Cotter at endace.com>
> Subject: Re: [Bro] Dropped Packets too much (jiahui zhao)
> To: "bro at bro.org" <bro at bro.org>
> Message-ID: <08eb235e469a4d0c8872fc0d56c921c0 at endace.com>
> Content-Type: text/plain; charset="us-ascii"
>
> I would suggest doing some reading on Bro clustering going a little deeper
> on your 'lb' configuration.
>
> Not knowing what the data/packet rates you are attempting to process but
> in my experience asking a single process thread to do more than 300 Mb is
> going to ensure you get packet drops.
>
> Below is part of my node.cfg for a 500Mb complex network data test lab
> setup I am currently running hosted in Centos KVM so I can learn/test some
> of the DNS/SSL scripting features.
>
> [worker-1]
> type=worker
> host=localhost
> #Interface=dag0
> lb_procs=4
> lb_method=interfaces
> lb_interfaces=dag0,dag1,dag2,dag3
> pin_cpus=4,5,6,7
>
>
> Hope this helps you.
>
> Regards
>
> Robert Cotter
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181121/d49c33d5/attachment-0001.html
>
> ------------------------------
>
> Message: 2
> Date: Wed, 21 Nov 2018 11:28:32 +0200
> From: Alex Kefallonitis <al.kefallonitis at gmail.com>
> Subject: [Bro] Disable Log Stream but not the analyzers
> To: Bro at bro.org
> Message-ID:
>         <CAHv=
> Muojid4SQsv0YvDKPpSRGr4+Q0vSX+m8dzESF_trB_b8ZA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I have disabled the Log Stream for HTTP :
>
> event bro_init()
>   {
>     Log::disable_stream(HTTP::LOG);
>  }
>
> But i want scripts using HTTP protocol to work e.g
>
> https://raw.githubusercontent.com/sethhall/bro-scripts/master/top-websites.bro
>
> Is there any other way to do it ?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181121/923f0989/attachment-0001.html
>
> ------------------------------
>
> _______________________________________________
> Bro mailing list
> Bro at bro.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
> End of Bro Digest, Vol 151, Issue 22
> ************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181122/19f648a9/attachment.html

More information about the Bro mailing list