[Bro] Suggestions on handling 1Gb/s HTTP traffic?

John Daly longjohngolf at gmail.com
Mon Oct 26 08:49:50 PDT 2015


Aaron,

Have you confirmed that you're getting all of the traffic you expect?
Is the traffic simulated or real HTTP? How are you doing on-box load
balancing? PF_RING vanilla?

On Mon, Oct 26, 2015 at 5:29 AM, Azoff, Justin S <jazoff at illinois.edu> wrote:
>
>> On Oct 26, 2015, at 1:36 AM, Aaron Lewis <the.warl0ck.1989 at gmail.com> wrote:
>>
>> Hi,
>>
>> I recently tested bro 2.4.1 with ~1Gb/s HTTP traffic. It works, but the
>> processes die from OOM within a few hours.
>
> You need to elaborate on which processes are using memory and getting killed.
>
> Posting this again:
>
> Memory leaks are tricky.  It is important to make a distinction about what component is using a lot of memory:
>
> 1) the workers - analyzer issues and leaks in general would show up here.
> 2) the proxies - communication related
> 3) the manager - child - if the manager is overloaded the child will buffer log data
> 4) the manager - parent - if a logging destination is overloaded the parent will buffer log writes
>
>
> --
> - Justin Azoff