I’m looking to squeeze every bit of performance out of my Bro implementation, and wanted to know:
Is there any overhead that can be turned off? I’m only looking to capture HTTP, SMTP, and FTP, extract any files in transit, and calculate a SHA1 hash of those files.
Are there any tips for writing fast event code? Are there any known slow moving operations?
Has anyone done any time execution analysis of their code and could share the results?
Thank you as always,