So I am trying to use bloomfilter_counting_init for keeping a count of uniq IPs seen within a subnet and instead of relying on a table or a set, I was toying with an idea of using bloomfilter_counting_init.
However, I am not clear on the parameterization below: global bloomfilter_counting_init: function(k: count , cells: count , max: count , name: string &default=""): opaque of bloomfilter ; What should be the length of the cells for storing 65536 IPs ? Is k=3 a good value or I need something else ? Could someone elaborate on how to decide these parameters. I looked at /btest/bifs/bloomfilter.bro but not quite clear. thanks, Aashish On Mon, Apr 11, 2016 at 08:26:37AM -0700, Matthias Vallentin wrote: _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
