[Bro] Performance questions

Zachary P Reimer zreimer2 at unlnotes.unl.edu
Mon Feb 5 09:06:10 PST 2007

I've been testing out bro 1.1c, and am looking at putting it into 
production, but have a couple of questions about hardware and performance 
issues. I'm currently running under FreeBSD 6. The throughput it'll be 
watching won't be extremely high (~200Mb), but connection counts will be 
quite high. The main question is whether to get a multiprocessor/multicore 
box, or split out some of the traffic to multiple smaller boxes. I haven't 
seen any discussion in the archives about support for SMP (other than a 
2005 conversation about the lack of SMP under Linux) and I'd prefer to not 
split out into multiple boxes, so I wanted to verify if bro will take 
advantage of the multiple processors.

The other question is about the performance/CPU impact of the Dynamic 
Protocol Detection feature in 1.2, since I haven't seen discussion around 
that and would like to use it.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070205/98507cfd/attachment.html 

More information about the Bro mailing list