[Bro] Dataset for Bro evaluation

Hongda Li hongdal at g.clemson.edu
Wed Jan 11 13:17:19 PST 2017

Hello all,

I would like to do some evaluation of Bro.

My plan is to:
(1) Replay network traffic dataset to Bro and observe its CPU/memory usage.
(2) Replay network traffic dataset to Bro and observe the throughput
achieved by Bro without dropping packets.
(3) Replay network traffic dataset to Bro with different configurations
(e.g., enable some of the scripts) and observe the CPU/memory usage,
throughput, etc.

I guess datasets without payloads (e.g., LBNL/ICSI enterprise traces) are
not suitable for my plan, since the performance of Bro depends on the
content of the traffic.
But it is difficult to get access to the traffic datasets with payloads due
to privacy issues.
Does anybody have any suggestions to help accomplish the tasks listed in
the above plan?

Also, if necessary, I want to start a thread here discussing how you
(researchers, operators and developers) effectively evaluate Bro.

Appreciate any comments.

Best regards,
Hongda Li, Graduate Research Assistant
Division of Computer Science, School of Computing
Clemson University
Email: hongdal at clemson.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170111/f8dcff4f/attachment.html 

More information about the Bro mailing list