[Bro] Hardware recommends

Brandon Lattin latt0050 at umn.edu
Tue Jan 26 12:01:07 PST 2016

We've been doing the following:

Dell R630
2x Intel® Xeon® E5‐2687W v3
With whatever disk fits your needs. Our worker boxes are a mirrored pair of
120GB SSD. The manager node has slightly larger disk to handle 12h of
storage. A Splunk forwarder ingests from the manager box for

Most of this is in 'dev' right now, but we'll be running around 7x 100GB sets
by the end of the year following the Berkeley model. Post-shunting we'll be
running Suricata on the traffic as well.

As a general rule, faster proc > more procs (Seth correct me here if this
has changed!)

On Tue, Jan 26, 2016 at 11:44 AM, James Lay <jlay at slave-tothe-box.net>

> And on the heels of the NIC question, how about hardware experiences?
> I'm looking at the PCIE2 NICs at both Myricom and Netronome....any
> recommends for the server hardware to wrap around these cards?  The plan
> is to have this machine monitor a corporate LAN...lots of traffic.
> Guessing the team will want to go Dell if that helps.  Thanks for the
> advice all.
> James

Brandon Lattin
Security Analyst
University of Minnesota - University Information Security
Office: 612-626-6672