[Bro] script/cluster management practices
matt at monaco.cx
Wed Apr 29 20:08:16 PDT 2015
My colleagues and I are interested in hearing about how some of you manage your
clusters and scripts.
Are most of your scripts from the Bro git repo? Or have you collected/developed
a lot over time? Especially for the latter, how many are you running in production?
Is it typical to worry about the performance impact of adding scripts; do you
ever remove things because packet drops grow too high? Or is it just time for
Along those lines, how big is your cluster (nodes/workers)? I've heard roughly
100 Mbps/core. Does this mean it's not uncommon to have a 400-core cluster for 40G?
How do you test your scripts? Are you really attentive about keeping PCAPs to
trigger alerts, etc?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: OpenPGP digital signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150429/dc838bca/attachment.bin
More information about the Bro