[Bro] Bro for embedded use?

Alex Tarter Alex.Tarter at ultra-3eti.com
Tue Jul 24 10:42:52 PDT 2012


Robin, Jim & Jordi, thank you for your responses. I agree size is in the eye
of the beholder, as it were :)

We are using an 800MHz processor with 256MB RAM & 512MB flash storage, and
running Linux kernel 2.6.39.1 (Freescale powerpc-linux-gnu-4.2.187
toolchain). However, we are doing more than just Bro work on the device, so we
are looking to understand how much of our footprint Bro will consume.

We will be monitoring a 100Mbps link, but the throughput should be of the
order of 1-5Mbps at any one time, and we will be using Bro to identify
anomalous traffic activity in a few specialized scenarios.

This sounds similar to Jim's router application, so it should be possible, but
at the moment, with not too much hacking of the code, it's compiling at around
40MB; I'm hoping we can get this down further.

What do people think? Still possible? Any tips for what we should be looking
to in order to optimize for our device?

Thanks,

Alex



-----Original Message-----
From: Robin Sommer [mailto:robin at icir.org] 
Sent: Monday, July 23, 2012 5:16 PM
To: Alex Tarter
Cc: Jordi Ros-Giralt; bro at bro-ids.org
Subject: Re: [Bro] Bro for embedded use?


Bro has successfully run on Linksys boxes a few years ago.

Alex, can you describe the specifics of your platform a bit more?
Generally, I would say that Bro doesn't need a lot of resources if traffic
volume is low, though my interpretation of "not a lot" may differ from
yours. :-)

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org