Minimal Bro?
David_Sames at NAI.com
David_Sames at NAI.com
Wed Feb 18 13:33:15 PST 2004
I'm sure someone out there has done some performance profiling on Bro.
In just my rudimentary monitoring, I find that the running executable
requires anywhere from 5M to 7.2M of memory when running on my local
Linux host, looking at just my own network traffic. Size depends on
number of policies read. It looks to be fairly CPU-efficient in that it
hardly even registers on "top" when monitoring my local net.
I'm wondering if this memory footprint coincides with anyone else's
observations, and is there a way to reduce that footprint to something
smaller. I don't need Bro to have a huge policy, - however, what I want
may require all of Bro functionality. I'm just looking to do to attack
detection (and hopefully blocking) (like the latest 10 "worm" signatures
that may be available).
Regards,
David L. Sames
McAfee Research
15204 Omega Drive
Rockville, MD 20850
301.947.7189 | Direct
301.527.0482 | Fax
david_sames at nai.com | E-mail
<www.mcafeesecurity.com> | Web
More information about the Bro
mailing list