[Bro] traffic vs log size

Landy Bible landy-bible at utulsa.edu
Mon Sep 25 06:13:13 PDT 2017


Sample size of one day... 138.5 GB of traffic, 12.6 GB of logs.

On Mon, Sep 25, 2017 at 6:57 AM Zeolla at GMail.com <zeolla at gmail.com> wrote:

> My bro sensors are sent about 56TB/day and log around 600GB/day
> uncompressed.
>
> Jon
>
> On Sun, Sep 24, 2017, 18:02 Brian Wylie <briford.wylie at gmail.com> wrote:
>
>> Hi All,
>>
>> I know these questions have lots of variables and 'it depends' but modulo
>> that, I'm looking for anecdotal information on the 'data reduction' that
>> happens with bro logs.
>>
>> Example:
>> - The tap/span sees 2TBytes of traffic per day.
>> - All the bro logs files for that day are approx 4GBytes on disk.
>>
>> So in this case the log files are giving about a 500x reduction in data.
>> Again I know there are lots of factors.. just looking for a few data points
>> from folks running Bro on a daily basis. In particular I'd like to get
>> numbers for uncompressed log sizes.
>>
>> Thanks in advance,
>> -Bri
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> --
>
> Jon
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-- 
Landy Bible
Information Security Analyst
The University of Tulsa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170925/1faa5087/attachment.html 


More information about the Bro mailing list