[Bro] Hardware recommends
Brandon Lattin
latt0050 at umn.edu
Tue Jan 26 12:01:07 PST 2016
We've been doing the following:
Dell R630
2x Intel® Xeon® E5-2687W v3
3.1GHz, 25M Cache, 9.60GT/s QPI, Turbo, HT, 10C/20T (160W)
128GB RAM
With whatever disk fits your needs. Our worker boxes are a mirrored pair of
120GB SSD. The manager node has slightly larger disk to handle 12h of
storage. A Splunk forwarder ingests from the manager box for
retention/analysis.
Most of this is in 'dev' right now, but we'll be running around 7x 100GB sets
by the end of the year following the Berkeley model. Post-shunting we'll be
running Suricata on the traffic as well.
As a general rule, faster proc > more procs (Seth correct me here if this
has changed!)
On Tue, Jan 26, 2016 at 11:44 AM, James Lay <jlay at slave-tothe-box.net>
wrote:
> And on the heels of the NIC question, how about hardware experiences?
> I'm looking at the PCIE2 NICs at both Myricom and Netronome....any
> recommends for the server hardware to wrap around these cards? The plan
> is to have this machine monitor a corporate LAN...lots of traffic.
> Guessing the team will want to go Dell if that helps. Thanks for the
> advice all.
>
> James
--
Brandon Lattin
Security Analyst
University of Minnesota - University Information Security
Office: 612-626-6672