[Bro] is there a bro script to ignore duplicated logs?
Azoff, Justin S
jazoff at illinois.edu
Thu Oct 4 07:21:55 PDT 2018
> On Oct 4, 2018, at 9:42 AM, Eric Ooi <ericooi at gmail.com> wrote:
>
> We had a similar issue and it turned out that the SPAN the network engineer configured was capturing a trunk such that any inter-VLAN traffic was being analyzed multiple times.
Yeah, if the traffic was duplicated 2 (maybe 3) times this could be the problem. In this case it's duplicated 12 times, which almost definitely points to an lb_procs=12 in node.cfg and load balancing not working properly.
—
Justin Azoff
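
One way to check the diagnosis above, as an added example that is not part of the original message: measure how many times each connection 5-tuple appears in conn.log and compare that factor with the `lb_procs` values in node.cfg. The node.cfg contents, the log rows and all function names are constructed for illustration, and grouping by 5-tuple alone is a heuristic assumption.

```python
import configparser
from collections import Counter

# Constructed node.cfg (BroControl INI format); values are illustrative only.
NODE_CFG = """\
[manager]
type=manager
host=localhost

[worker-1]
type=worker
host=localhost
interface=eth0
lb_method=pf_ring
lb_procs=12
"""
KEY = ("id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto")

def build_conn_log(copies):
    """Constructed conn.log: 3 connections, each logged `copies` times with distinct uids."""
    header = "#fields\tts\tuid\t" + "\t".join(KEY) + "\n"
    flows = [("10.0.0.5", 50112, "10.0.1.9", 443), ("10.0.0.7", 41822, "10.0.1.9", 22),
             ("10.0.2.3", 60001, "10.0.0.5", 80)]
    rows = [f"1538662915.{i:06d}\tC{i}w{c}\t{oh}\t{op}\t{rh}\t{rp}\ttcp\n"
            for i, (oh, op, rh, rp) in enumerate(flows) for c in range(copies)]
    return header + "".join(rows)

def lb_procs_by_worker(cfg_text):
    """Map each node.cfg section that sets lb_procs to its integer value."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    return {s: cfg.getint(s, "lb_procs") for s in cfg.sections() if cfg.has_option(s, "lb_procs")}

def duplication_factor(log_text):
    """Most common number of log entries per 5-tuple (1 means no duplication)."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            counts[tuple(rec[k] for k in KEY)] += 1
    return Counter(counts.values()).most_common(1)[0][0] if counts else 0

def diagnose(cfg_text, log_text):
    """Return (factor, workers whose lb_procs equals the observed duplication factor)."""
    factor = duplication_factor(log_text)
    suspects = [w for w, n in lb_procs_by_worker(cfg_text).items() if n > 1 and n == factor]
    return factor, suspects
```

A factor that matches a worker's `lb_procs` suggests every load-balanced process is seeing all traffic; a factor of 2 or 3 with no match fits the SPAN/trunk explanation in the quoted message instead.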