[
https://bro-tracker.atlassian.net/browse/BIT-1215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17108#comment-17108
]
Robin Sommer commented on BIT-1215:
-----------------------------------
Yes. Maybe a bit less than 2x, exponential grows quickly. :)
Would be nicer to recognize that differently, like by not finding a
log header; that way we can give a good error message. If such a check
is in place, I wouldn't actually bother with another double-check on
line length; in the unlikely case that the file has a correct header
but totally broken content, I'm sure there are plenty other cases
where bro-cut would fail, and it seems there's not more here that can
happen in addition than running out of memory (which the OS will
catch).
> bro-cut should be rewritten in C for speed and to not depend on gawk
> --------------------------------------------------------------------
>
> Key: BIT-1215
> URL: https://bro-tracker.atlassian.net/browse/BIT-1215
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro, bro-aux
> Reporter: Daniel Thayer
> Fix For: 2.4
>
>
> The current implementation of bro-cut is too slow when processing large log
> files (takes more than a minute to process a single log file a few hundred MB
> in size). Justin Azoff rewrote bro-cut in C and found that it runs an order
> of magnitude faster. Another benefit of a C version of bro-cut is that we
> will no longer depend on gawk for anything (and some of Bro's supported
> platforms do not include gawk by default).
--
This message was sent by Atlassian JIRA
(v6.3-OD-08-005-WN#6328)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
