I’m realizing my conn.log is eating up most of my performance and I’m trying to cut down the number of times Bro makes a duplicate entry in the conn.log file. I don’t necessarily need to see the same simultaneous traffic from a specific set of IP addresses and I’m trying to see if there’s a way to exempt them or at least cut down on the number of times they are entered in my conn.log. Does anyone have any recommendations? I’m also trying to do it in a way that also cuts down on my CPU performance if possible.
Thanks in advance,