[Bro] Suggestions on handling 1Gb/s HTTP traffic?
Aaron Lewis
the.warl0ck.1989 at gmail.com
Sun Oct 25 23:25:34 PDT 2015
Linux, CentOS 6.3
On Mon, Oct 26, 2015 at 2:20 PM, Aashish Sharma <init.conf at gmail.com> wrote:
> Aaron,
>
> What OS are you running Bro on ?
>
> Aashish
>
>> On Oct 25, 2015, at 10:36 PM, Aaron Lewis <the.warl0ck.1989 at gmail.com> wrote:
>>
>> Hi,
>>
>> I recently tested bro 2.4.1 with ~1Gb/s HTTP traffic, it works but the
>> processes die out of OOM within a few hours.
>>
>> (The box has 16 cores and 64 GB memory, it should be enough right?)
>>
>> Now I'm trying to resolve this matter, perhaps one of the following,
>>
>> 1. Limit the volume of traffic that bro will process
>> 2. Tune bro
>>
>> Can someone please help?
>>
>> And .. what's the maximum amount of traffic you guys ever tested?
>>
>> --
>> Best Regards,
>> Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
>> Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the Bro
mailing list