[Bro] cluster manager crash

Bowen Li newfire.bw at gmail.com
Wed Sep 7 06:44:19 PDT 2016


Hi all,
    I have an issue with the cluster manager crashing when lots of log
events are sent to it.
    I set up a Bro cluster on my server; the cluster has 32 workers and 1
proxy and handles about 5Gb/s. After running for about one and a half hours,
the cluster no longer produces logs, but the workers still extract files. So
it seems that the manager has crashed.
    Is there any possibility that the manager doesn't work anymore when
workers send lots of log events? If so, what's the limit on log events?
Or maybe the issue won't happen if I run a real cluster on several servers?
    By the way, if I want to handle 10Gb/s, how much memory should I leave
for each worker? If I set memory usage restrictions, will it affect
the performance of the cluster?
    Any insight would be helpful.