[Bro] Critical Stack requirements

Mike Dopheide dopheide at gmail.com
Thu Jan 21 09:27:22 PST 2016

How many CriticalStack feeds are you subscribing to and against how much
bandwidth are you monitoring?

I've heard a rough recommendation that anything more than 100k indicators
can be pretty rough.  We run with 90k against an average 1G traffic without
any problems (14 workers).


On Thu, Jan 21, 2016 at 11:19 AM, Monah Baki <monahbaki at gmail.com> wrote:

> Hi all,
> Running SecurityOnion and trying to implement Criticial Stack with
> Bro, server running 24GB RAM the system becomes unresponsive in 30
> seconds. All memory and swap is utilized by then. Any documentation
> that show sizing of Bro and Critical Stack?
> If I remove criticalstack from local.bro, it's back to normal.
> Thanks
> Monah
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160121/6fd9431b/attachment.html 

More information about the Bro mailing list