[Bro] Critical Stack requirements
Mike Dopheide
dopheide at gmail.com
Thu Jan 21 09:27:22 PST 2016
How many CriticalStack feeds are you subscribing to and against how much
bandwidth are you monitoring?
I've heard a rough recommendation that anything more than 100k indicators
can be pretty rough. We run with 90k against an average 1G traffic without
any problems (14 workers).
-Dop
On Thu, Jan 21, 2016 at 11:19 AM, Monah Baki <monahbaki at gmail.com> wrote:
> Hi all,
>
>
> Running SecurityOnion and trying to implement Criticial Stack with
> Bro, server running 24GB RAM the system becomes unresponsive in 30
> seconds. All memory and swap is utilized by then. Any documentation
> that show sizing of Bro and Critical Stack?
>
> If I remove criticalstack from local.bro, it's back to normal.
>
> Thanks
> Monah
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160121/6fd9431b/attachment.html
More information about the Bro
mailing list