[Bro] traffic vs log size

Brian Wylie briford.wylie at gmail.com
Mon Sep 25 11:12:26 PDT 2017


Thanks for the info guys...

On Mon, Sep 25, 2017 at 8:13 AM Landy Bible <landy-bible at utulsa.edu> wrote:

> Sample size of one day... 138.5 GB of traffic, 12.6 GB of logs.
>
> On Mon, Sep 25, 2017 at 6:57 AM Zeolla at GMail.com <zeolla at gmail.com> wrote:
>
>> My bro sensors are sent about 56TB/day and log around 600GB/day
>> uncompressed.
>>
>> Jon
>>
>> On Sun, Sep 24, 2017, 18:02 Brian Wylie <briford.wylie at gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> I know these questions have lots of variables and 'it depends' but
>>> modulo that, I'm looking for anecdotal information on the 'data reduction'
>>> that happens with bro logs.
>>>
>>> Example:
>>> - The tap/span sees 2TBytes of traffic per day.
>>> - All the bro log files for that day are approx 4GBytes on disk.
>>>
>>> So in this case the log files are giving about a 500x reduction in data.
>>> Again I know there are lots of factors.. just looking for a few data points
>>> from folks running Bro on a daily basis. In particular I'd like to get
>>> numbers for uncompressed log sizes.
>>>
>>> Thanks in advance,
>>> -Bri
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>> --
>>
>> Jon
>
> --
> Landy Bible
> Information Security Analyst
> The University of Tulsa
>
-- 
Sent from iPhone