[Bro] Suggestions on handling 1Gb/s HTTP traffic?

Aaron Lewis the.warl0ck.1989 at gmail.com
Sun Oct 25 22:36:30 PDT 2015


I recently tested bro 2.4.1 with ~1Gb/s HTTP traffic, it works but the
processes die out of OOM within a few hours.

(The box has 16 cores and 64 GB memory, it should be enough right?)

Now I'm trying to resolve this matter, perhaps one of the following,

1. Limit the volume of traffic that bro will process
2. Tune bro

Can someone please help?

And .. what's the maximum amount of traffic you guys ever tested?

Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print:   9F67 391B B770 8FF6 99DC  D92D 87F6 2602 1371 4D33

More information about the Bro mailing list