[Bro] Multi-threading
Seth Hall
seth at icir.org
Fri Oct 22 12:39:50 PDT 2010
On Oct 22, 2010, at 2:56 PM, Sunjeet Singh wrote:
> Today, if I'm using Bro as the Host-based IDS on my machine, and if I
> find that Bro is not able to keep up with the incoming packet
> rate, what are some steps that I should take?
I'm guessing you meant network based IDS (as opposed to Host-based)?
Currently, if you are trying to scale Bro as a network IDS the most viable method is to use the cluster deployment using the BroControl utility. It's currently being used in production at a number of locations. For more documentation about BroControl and the cluster deployment you can refer to the following link.
http://www.icir.org/robin/bro-cluster/README.html
.Seth