[Bro] logger large memory usage
Azoff, Justin S
jazoff at illinois.edu
Thu May 11 11:22:44 PDT 2017
> On May 8, 2017, at 10:16 AM, Bowen Li <newfire.bw at gmail.com> wrote:
>
> Hey all,
>
> I`m running a bro cluster in 10G network, writing logs to redis server directly use plugins, when the cluster is running, the memory usage of the logger has been growing larger and larger(hundreds of Gb), seems like the logger cannot handle the huge number of the log messages, so the question is what`s the processing capacity of the logger? In my case, 25000 msgs/sec to redis. And why not use more loggers in one cluster but only one?
Multiple loggers is something that is being worked on. broctl git repository has initial support for running more than one worker on a cluster. It doesn't really work right if you are logging to files, but if you are using kafka or redis to aggregate logs it will work fine.
--
- Justin Azoff
More information about the Bro
mailing list