[Zeek] zeek performance with some events activated
Palumbo Mauro
mauro.palumbo at aizoon.it
Thu Apr 18 00:44:23 PDT 2019
Hi Zeek-devs,
I need to do some analysis on TCP flags and the event "tcp_packet" perfectly fits my needs. However, as stated in Zeek's documentation, using this event may significantly affect Zeek's performance, given the high number of TCP packets to look into.
Is there any other way to look into TCP flags? Would bypassing scriptland and modifyng directly the C++ code be more efficient (though not the "proper" way to do it)?
Thanks in advance,
Mauro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190418/aeb6c572/attachment.html
More information about the Zeek
mailing list