[Bro] 100G Bro monitoring technical paper

Joe Blow blackhole.em at gmail.com
Mon Aug 10 16:00:47 PDT 2015

This is an amazing document.  It has pretty much everything you'd need to
get off the ground.  Arista configs, Bro configs, Bro hardware specs...
They did pretty much everything except build it for you.

Add a logging cluster and you've got an amazing analytics platform on top
of all of your packets.

Fantastic work fellas.



On Mon, Aug 10, 2015 at 11:53 AM, Vincent Stoffer <vstoffer at lbl.gov> wrote:

> Hello,
> As announced at Brocon, we have completed the technical document which
> describes the architecture of our 100G Bro monitoring system.  As part of
> our project, we created this comprehensive document meant to be shared
> widely within the security community:
> http://go.lbl.gov/100g
> The document begins with the background and design decisions and then
> describes the build process including specific part numbers and
> configurations.  We also include a review of  performance and a description
> of our shunting mechanism, which increases performance by removing large
> and long-running flows from analysis.
> Please feel free to share this link and the document with anyone and
> direct any questions or comments to security at lbl.gov.  A huge thanks to
> the many folks in our community who helped influence the design of the
> system and this document.
> Thank you,
> Vince
> --
> Vincent Stoffer, Cyber Security Engineer
> Cyber Security, Information Technology Division
> Lawrence Berkeley National Laboratory
> (510) 486-4531
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150810/306b3b64/attachment.html 

More information about the Bro mailing list