[Bro] - recommended DB for Bro logs

Daniel Guerra daniel.guerra69 at gmail.com
Sun Dec 9 10:45:06 PST 2018


I like Kibana as a frontend, so the choice would be Elastic. I switched to
Elassandra. Elastic is way too slow for Bro. With a file buffer or a broker
like Kafka all goes well. If you use Elastic, split the Bro types, e.g. conn,
ssl etc. This is to avoid mapping collisions.
MySQL is a great database; consider time-based databases, because after
100 million records the performance goes down.


On Sun, Dec 9, 2018, 4:20 PM william de ping <bill.de.ping at gmail.com> wrote:

> Hi all,
>
> I would appreciate recommendations for a DB server that is most suited for
> ingesting and digesting Bro logs.
>
> I know of some use cases involving splunk and the Splunk Bro app, but
> price and performance wise (10GBps incoming traffic) it does not seem to be
> the best solution out there.
>
> Does anyone have any experience with Bro and ElasticSearch | Redis |
> MySQL?
>
> I am looking into different solutions and would appreciate your thoughts.
>
> Thanks in advance
> B
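To make the "split the Bro types to avoid mapping collisions" advice in the reply concrete, here is an added example (not code from the thread or from Bro): it routes each JSON log line to a per-type index such as `bro-conn` and models how Elasticsearch dynamic mapping rejects a later document whose field has a different JSON type. The `_path` field naming the log type is an assumption (shippers and the json-streaming-logs package add it; Bro's plain JSON writer does not), and the log lines are constructed samples.

```python
import json

# Constructed Bro JSON log lines, not data from the thread. The "_path" field that
# names the log type is an assumption: it is what json-streaming-logs and common
# shippers add; Bro's plain JSON writer does not emit it. ssl.log carries
# "version" as a string and ssh.log carries it as an integer, which is exactly
# the kind of clash that breaks a shared index.
SAMPLE_LINES = [
    '{"_path":"conn","ts":1544352306.1,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_p":443,"duration":1.5}',
    '{"_path":"ssl","ts":1544352306.2,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_p":443,"version":"TLSv12"}',
    '{"_path":"ssh","ts":1544352307.4,"uid":"C2","id.orig_h":"10.0.0.6","id.resp_p":22,"version":2}',
]


def index_for(doc, prefix="bro"):
    """Name the target index after the log type, e.g. 'bro-conn', 'bro-ssl'."""
    return f"{prefix}-{doc['_path']}"


def index_documents(lines, split_by_type=True, prefix="bro"):
    """Simplified model of Elasticsearch dynamic mapping: each index remembers the
    JSON type first seen for every field, and a later document that carries a
    different type for an already-mapped field is rejected. Returns the mapping
    built per index and a list of (index, log type, field) rejections."""
    mappings = {}
    rejected = []
    for line in lines:
        doc = json.loads(line)
        index = index_for(doc, prefix) if split_by_type else prefix
        fields = mappings.setdefault(index, {})
        clash = [f for f, v in doc.items()
                 if f in fields and fields[f] != type(v).__name__]
        if clash:
            rejected.append((index, doc["_path"], clash[0]))
            continue
        for f, v in doc.items():
            fields.setdefault(f, type(v).__name__)
    return mappings, rejected


if __name__ == "__main__":
    _, clashes = index_documents(SAMPLE_LINES, split_by_type=False)
    print("single shared index:", clashes)   # ssh.log's integer 'version' vs ssl.log's string
    _, clashes = index_documents(SAMPLE_LINES, split_by_type=True)
    print("one index per log type:", clashes)  # []
```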
