[Bro] Bro 2.5 CPU usage

Dave Crawford bro at pingtrip.com
Fri Nov 25 08:45:09 PST 2016


I finally had an opportunity to install a Bro 2.5 cluster in the lab for review and was surprised to see a higher CPU usage than 2.4 deployments.

A clean install with (w/ PF_RING)  never drops below 25% CPU per worker at idle, meaning I’ve disabled the SPAN traffic and Bro stays at 25%.

I then went as far as disabling every default script except for the following:

@load misc/loaded-scripts
@load tuning/defaults
@load misc/capture-loss
@load misc/profiling.bro
@load misc/stats

And the CPU remains at 25%. 

Has anyone experienced similar results with 2.5?

-Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161125/5a17a775/attachment.html 


More information about the Bro mailing list