[Bro] Bro cluster requirements and manager logging backlog bug
Hovsep Levi
hovsep.sanjay.levi at gmail.com
Thu Dec 22 09:29:33 PST 2016
>
> Thanks for the help, I'm going to give your suggestions a try.
>
>
Unfortunately I wasn't able to stabilize the cluster. I tried splitting
the conn log into six different types, inbound(dns,http,other} and
outbound{dns,http,other} in addition to the http inbound/outbound split but
the logger process continues to buffer about 1G of memory per minute.
Short of a re-write of the logging process the only option is to upgrade
CPUs ? I tried running more than one logger but that doesn't seem to work.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161222/82abf272/attachment.html
More information about the Bro
mailing list