[Bro] Suggestions on handling 1Gb/s HTTP traffic?
the.warl0ck.1989 at gmail.com
Sun Oct 25 23:25:34 PDT 2015
Linux, CentOS 6.3
On Mon, Oct 26, 2015 at 2:20 PM, Aashish Sharma <init.conf at gmail.com> wrote:
> What OS are you running Bro on ?
>> On Oct 25, 2015, at 10:36 PM, Aaron Lewis <the.warl0ck.1989 at gmail.com> wrote:
>> I recently tested bro 2.4.1 with ~1Gb/s HTTP traffic, it works but the
>> processes die out of OOM within a few hours.
>> (The box has 16 cores and 64 GB memory, it should be enough right?)
>> Now I'm trying to resolve this matter, perhaps one of the following,
>> 1. Limit the volume of traffic that bro will process
>> 2. Tune bro
>> Can someone please help?
>> And .. what's the maximum amount of traffic you guys ever tested?
>> Best Regards,
>> Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
>> Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
>> Bro mailing list
>> bro at bro-ids.org
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the Bro