[Bro] Hardware recommends
Seth Hall
seth at icir.org
Tue Jan 26 21:19:58 PST 2016
> On Jan 26, 2016, at 10:16 PM, Gary Faulkner <gfaulkner.nsm at gmail.com> wrote:
>
> On a side note: I found out a lot of interesting things about how my
> sensors were performing, as well as my upstream load-balancer by using
> Justin's statsd plugin (assuming your upstream shunting doesn't throw
> off the output) to send the capture-loss script output to a time series
> DB and graphing it.
I'm working on improving the stats output of Bro now too so the 2.5 version will have lots of internal details in the stats.log that should provide a much better picture for people to see what's going on in their clusters (a couple of people have already sent me data and graphs which has been super exciting!). Capture loss is cool, but there is so much more data available that can really help you get a deeper understanding of what Bro is doing while it's running.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list