[Bro] - recommended DB for Bro logs

Zeolla@GMail.com zeolla at gmail.com
Sun Dec 9 12:24:56 PST 2018


RE: Clark, not to hijack the thread but that isn't true.  Assuming you're
referring to the note in the plugin that says "Metron currently doesn't
support IPv6 source or destination IPs in the default enrichments" this
just means there isn't a built-in *example enrichment* that supports IPv6.
The platform itself has full IPv6 support end to end without issue, I have
been doing it for years.  If you want to chat more on this we should talk
elsewhere.

Jon

On Sun, Dec 9, 2018 at 1:53 PM Daniel Guerra <daniel.guerra69 at gmail.com>
wrote:

> I like kibana as frontend. So the choice would be elastic. I switched to
> elassandra. Elastic is way too slow for bro. With a file buffer or a broker
> like Kafka all goes well. If you use elastic, split the bro types, e.g.
> conn, ssl etc. This is to avoid mapping collisions.
> MySQL is a great database, consider time-based databases, because after
> 100mil records the performance goes down.
>
>
> On Sun, Dec 9, 2018, 4:20 PM william de ping <bill.de.ping at gmail.com
> wrote:
>
>> Hi all,
>>
>> I would appreciate recommendations for a DB server that is most suited
>> for ingesting and digesting Bro logs.
>>
>> I know of some use cases involving splunk and the Splunk Bro app, but
>> price and performance wise (10GBps incoming traffic) it does not seem to be
>> the best solution out there.
>>
>> Does anyone have any experience with Bro and ElasticSearch | Redis |
>> MySQL ?
>>
>> I am looking into different solutions and would appreciate your thoughts.
>>
>> Thanks in advance
>> B
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

-- 

Jon Zeolla
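Daniel's advice above to split the Bro log types into separate Elasticsearch indices, worked through as an added example that is not part of the original thread or of Bro itself. The sample records are constructed to look like Bro's JSON log output (one object per line, with the log type carried in a `_path` field as the JSON-streaming setups do); the function names are my own. It shows the collision dynamic mapping runs into when types share an index (ssh.log carries its protocol version as a number while ssl.log carries its version as a string, so one `version` field cannot be both `long` and `text`), and then routes every record to a per-type, per-day index name suitable for the `_bulk` API.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in the shape of Bro's JSON log writer output.
# Hosts, uids and values are made up for this example.
SAMPLE_LINES = [
    '{"_path":"conn","ts":1544387096.12,"uid":"CAbc1","id.orig_h":"10.0.0.5",'
    '"id.orig_p":52344,"id.resp_h":"93.184.216.34","id.resp_p":443,'
    '"proto":"tcp","duration":0.8123,"orig_bytes":517}',
    '{"_path":"ssl","ts":1544387096.20,"uid":"CAbc1","id.orig_h":"10.0.0.5",'
    '"id.orig_p":52344,"id.resp_h":"93.184.216.34","id.resp_p":443,'
    '"version":"TLSv12","server_name":"example.com"}',
    '{"_path":"ssh","ts":1544387100.00,"uid":"CAbc2","id.orig_h":"10.0.0.5",'
    '"id.orig_p":60001,"id.resp_h":"10.0.0.9","id.resp_p":22,'
    '"version":2,"auth_success":true}',
]


def es_dynamic_type(value):
    """Type Elasticsearch dynamic mapping picks for a JSON scalar (None is skipped)."""
    if isinstance(value, bool):      # bool before int: bool is an int subclass
        return "boolean"
    if isinstance(value, int):
        return "long"
    if isinstance(value, float):
        return "float"
    if isinstance(value, str):
        return "text"
    if value is None:
        return None
    return "object"


def parse_lines(lines):
    """One JSON object per line -> list of dicts."""
    return [json.loads(line) for line in lines]


def field_types_by_log(records):
    """field name -> {log type: ES type} as seen across all records."""
    seen = defaultdict(dict)
    for rec in records:
        log_type = rec["_path"]
        for field, value in rec.items():
            if field == "_path":
                continue
            es_type = es_dynamic_type(value)
            if es_type is not None:
                seen[field][log_type] = es_type
    return seen


def mapping_conflicts(records):
    """Fields that would collide if every log type were written to one index:
    same field name, different ES types from different log types."""
    conflicts = {}
    for field, by_log in field_types_by_log(records).items():
        if len(set(by_log.values())) > 1:
            conflicts[field] = dict(by_log)
    return conflicts


def index_for(record, prefix="bro"):
    """Per-type, per-day index name, e.g. bro-ssl-2018.12.09 (day taken from ts, UTC)."""
    day = datetime.fromtimestamp(record["ts"], tz=timezone.utc).strftime("%Y.%m.%d")
    return "{}-{}-{}".format(prefix, record["_path"], day)


def bulk_body(records, prefix="bro"):
    """NDJSON body for the _bulk API: an index action line per record, each
    pointed at its own per-type index so no two log types share a mapping."""
    lines = []
    for rec in records:
        lines.append(json.dumps({"index": {"_index": index_for(rec, prefix)}}))
        lines.append(json.dumps({k: v for k, v in rec.items() if k != "_path"}))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    recs = parse_lines(SAMPLE_LINES)
    print("conflicts if all types share one index:", mapping_conflicts(recs))
    print(bulk_body(recs))
```

Run on the constructed input, `mapping_conflicts` reports only `version` (`long` from ssh, `text` from ssl); with the per-type index names from `bulk_body` each type gets its own mapping and the collision cannot occur. The same check is useful before adding a new log type to an existing pipeline.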