Hello,
I am handling rather big pcap files, in the range of 500 GB, and Bro execution takes a few hours to complete. For this reason I am looking for ways to speed up the execution.
I want to keep only specific log files, with the goal of making my Bro execution faster. For my research I want to keep the following files: conn.log, ssl.log, x509.log, dns.log, http.log
From what I understood this command should do the trick: bro -r <pcap_file_name> -b base/protocols/ssl base/protocols/dns base/protocols/conn base/protocols/http
However, with the addition of base/protocols/ssl I also get tunnel.log and files.log, which I do not need. Is there a way to exclude these files from logging?
Moreover, I have a rather powerful machine with 8 cores and 8 GB of RAM. Does anyone know a way to fully utilize that when using Bro?
Thanks all,
Mike
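One way to get exactly the five logs asked for above, as an added example that is not part of the original post: keep the bare-mode (-b) invocation, but load the four protocol packages from a single script and disable the two unwanted log streams with Log::disable_stream from the logging framework. The file name research-only.bro is an assumption; everything else (the @load paths, Files::LOG, Tunnel::LOG, Log::disable_stream, Reporter::warning) is standard Bro.

```zeek
# research-only.bro  (hypothetical file name; added example, not from the original post)
#
# Usage, in bare mode so nothing outside this file is loaded automatically:
#   bro -r <pcap_file_name> -b research-only.bro

# Analyzers whose logs the research needs: conn.log, dns.log, http.log,
# ssl.log and x509.log (x509 is pulled in by base/protocols/ssl).
@load base/protocols/conn
@load base/protocols/dns
@load base/protocols/http
@load base/protocols/ssl

# These two frameworks are already loaded indirectly by the packages above
# (that is where files.log and tunnel.log come from); loading them explicitly
# here only guarantees that the Files::LOG and Tunnel::LOG identifiers exist.
@load base/frameworks/files
@load base/frameworks/tunnels

# Log streams that the packages above create but that are not wanted.
# &redef lets a later script add more streams without editing this file.
const unwanted_streams: set[Log::ID] = { Files::LOG, Tunnel::LOG } &redef;

# Streams are created in other scripts' bro_init handlers; the negative
# priority makes this handler run after them, so the streams already exist.
# Log::disable_stream returns F for a stream it cannot find, which is worth
# reporting rather than silently ending up with the log file anyway.
event bro_init() &priority=-10
	{
	for ( id in unwanted_streams )
		{
		if ( ! Log::disable_stream(id) )
			Reporter::warning(fmt("could not disable log stream %s", id));
		}
	}
```

Two caveats a practitioner should keep in mind. Disabling a stream stops Bro from writing that log file, but not from running the analysis that feeds it: the files framework still extracts and tracks file objects from the HTTP and SSL traffic, so this trims output rather than CPU time. And Bro reads a pcap in a single packet-processing thread, so on an 8-core box a single bro -r invocation will use one core no matter how the scripts are tuned; the usual way to use the other cores offline is to split the capture into several files and run one bro process per file, accepting that connections that straddle a split boundary will be logged as two partial connections.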