[Bro] To proxy or not to proxy...

Gary Faulkner gfaulkner.nsm at gmail.com
Thu Apr 2 09:24:31 PDT 2015


I'm currently running a separate box that has the manager and proxies on 
it, but I did just as you describe at one point and it seemed to work 
fairly well. You may want to reduce your worker count a bit to leave 
enough CPUs for the proxies. Out of curiosity are you pinning your 
workers to dedicated CPU cores? If you are not it could be that your 
workers are bouncing between cores due to hyper-threading which can 
cause them to stomp all over each other. I found pinning workers to 
cores helped tremendously when it came to worker health.

~Gary

On 4/1/2015 7:52 PM, Harry Hoffman wrote:
> Hi folks,
>
> So in my continuing pursuit of perfecting my Bro setup I found that adding a proxy on every box that also runs workers keeps bro much happier then a single manager/proxy box with one or more worker(s) boxes.
>
> Prior to adding the additional proxies bro workers would die due to resource constraints.
>
> Are other folks doing this?
>
> Cheers,
> Harry
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



More information about the Bro mailing list