[Zeek] First attempt to upgrade to 3: Multiple interfaces

James Lay jlay at slave-tothe-box.net
Wed Mar 4 14:04:06 PST 2020


Thanks again...resources look great:

PID   USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ 
COMMAND
11360 root      20   0  830360 258148 151156 S   0.3  3.2   7:42.42 zeek
11362 root      20   0  827852 254540 150568 S   0.3  3.2  10:19.57 zeek

Also pleased to note that the trickle of traffic cpu usage has been 
fixed so thumbs up to that.

James

On 2020-03-03 19:50, Justin Azoff wrote:
> On Tue, Mar 3, 2020 at 9:39 PM Michał Purzyński
> <michalpurzynski1 at gmail.com> wrote:
> 
>> From what you’re describing, you’re running Zeek on a resource
>> constraints device.
>> 
>> You might want to actually use the newest version - not sure where
>> Justin fixes for the packet processing loop went in, but they should
>> help a lot.
> 
> Oh hah, I don't need any credit for all of that work.  I had an old
> patch against 2.4/5/6 that would relax the polling loop interval so it
> wouldn't eat up a lot of cpu on smaller devices, but it wasn't a fix.
> Tim completely rewrote the IO loop so now zeek on a raspberry pi
> should use 0% cpu when there's no traffic.
>  --
> 
> Justin


More information about the Zeek mailing list