[Bro] traffic vs log size
Landy Bible
landy-bible at utulsa.edu
Mon Sep 25 06:13:13 PDT 2017
Sample size of one day... 138.5 GB of traffic, 12.6 GB of logs.
On Mon, Sep 25, 2017 at 6:57 AM Zeolla at GMail.com <zeolla at gmail.com> wrote:
> My bro sensors are sent about 56TB/day and log around 600GB/day
> uncompressed.
>
> Jon
>
> On Sun, Sep 24, 2017, 18:02 Brian Wylie <briford.wylie at gmail.com> wrote:
>
>> Hi All,
>>
>> I know these questions have lots of variables and 'it depends' but modulo
>> that, I'm looking for anecdotal information on the 'data reduction' that
>> happens with bro logs.
>>
>> Example:
>> - The tap/span sees 2TBytes of traffic per day.
>> - All the bro logs files for that day are approx 4GBytes on disk.
>>
>> So in this case the log files are giving about a 500x reduction in data.
>> Again I know there are lots of factors.. just looking for a few data points
>> from folks running Bro on a daily basis. In particular I'd like to get
>> numbers for uncompressed log sizes.
>>
>> Thanks in advance,
>> -Bri
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> --
>
> Jon
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Landy Bible
Information Security Analyst
The University of Tulsa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170925/1faa5087/attachment.html
More information about the Bro
mailing list