[Bro] - recommended DB for Bro logs

william de ping bill.de.ping at gmail.com
Mon Dec 17 23:00:50 PST 2018


Thank you all for your suggestions!

I've decided to simultaneously deploy several solutions with the same
traffic and benchmark them in retrospect.
Candidates are Oracle DB, ELK and Splunk.
Since no writer exists for all of the above DBs, I will use the Kafka
writer and use a Kafka queue as a middle man for each of the database
consumers.

I will update when results are in.
Feel free to respond with any further insights.

B
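The fan-out design described above (one Kafka topic feeding several independent database consumers) is easy to get subtly wrong at the consumer end, so here is an added example that is not part of the original thread or of any Bro plugin. It assumes the Kafka writer emits one JSON object per log record, tagged with the log stream name ({"conn": {...}}, {"dns": {...}}), and it stands in for the Kafka client with a plain list of constructed messages so it runs offline. It shows the per-message validation a consumer should do before writing to any backend, the field-name normalisation SQL-style stores need (Bro's dotted names such as id.resp_p), and simple per-stream counters that are useful when benchmarking the backends against each other afterwards:

```python
import json
from collections import Counter

# Constructed sample messages in the assumed tagged-JSON form. In a real
# deployment these would be polled from the Kafka topic the Bro writer fills.
SAMPLE_MESSAGES = [
    '{"conn": {"ts": 1544400000.1, "uid": "C1", "id.orig_h": "10.0.0.5",'
    ' "id.resp_h": "93.184.216.34", "id.resp_p": 443, "proto": "tcp"}}',
    '{"dns": {"ts": 1544400001.2, "uid": "C2", "query": "example.com", "qtype_name": "A"}}',
    '{"http": {"ts": 1544400002.3, "uid": "C3", "method": "GET", "host": "example.com", "uri": "/"}}',
    'this is not json',                       # a corrupt message that must not poison a sink
    '{"conn": {"ts": 1544400003.4, "uid": "C4", "id.orig_h": "10.0.0.6",'
    ' "id.resp_h": "10.0.0.1", "id.resp_p": 22, "proto": "tcp"}}',
]


def parse_message(raw):
    """Return (log_type, record) for a tagged-JSON message, or None if unusable.

    Every consumer validates independently: a bad message is counted and
    skipped rather than crashing the consumer or being written half-parsed.
    """
    try:
        obj = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(obj, dict) or len(obj) != 1:
        return None
    (log_type, record), = obj.items()
    if not isinstance(record, dict) or "ts" not in record:
        return None
    return log_type, record


def normalize(log_type, record):
    """Flatten Bro's dotted field names (id.resp_p -> id_resp_p) so that
    column-oriented stores get safe identifiers, and keep the stream name."""
    flat = {key.replace(".", "_"): value for key, value in record.items()}
    flat["log_type"] = log_type
    return flat


class FanOutConsumer:
    """Simulates several database consumers reading the same topic.

    Each sink is a list standing in for a real writer (hypothetical names,
    chosen to match the candidates in the thread). In Kafka each sink would
    run in its own consumer group so that every sink sees every message.
    """

    def __init__(self, sink_names):
        self.sinks = {name: [] for name in sink_names}
        self.per_stream = Counter()   # records accepted per Bro log stream
        self.rejected = []            # raw messages that failed validation

    def consume(self, messages):
        for raw in messages:
            parsed = parse_message(raw)
            if parsed is None:
                self.rejected.append(raw)
                continue
            row = normalize(*parsed)
            self.per_stream[row["log_type"]] += 1
            for sink in self.sinks.values():
                sink.append(row)
        return self


def run_demo():
    """Feed the constructed messages to three simulated sinks and return the consumer."""
    return FanOutConsumer(["oracle", "elk", "splunk"]).consume(SAMPLE_MESSAGES)


if __name__ == "__main__":
    consumer = run_demo()
    print("accepted per stream:", dict(consumer.per_stream))
    print("rejected:", len(consumer.rejected))
```

The per-stream counters are the numbers worth comparing against each backend's own ingest statistics when the benchmark results come in: a gap between what the consumer accepted and what the database reports stored is the first sign that a writer is silently dropping records under load.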

On Mon, Dec 10, 2018 at 12:06 AM bkeep <bkeep at alias454studios.com> wrote:

> I've had some success using Graylog. I send BRO logs via rsyslog to a
> Graylog collector and utilize pipeline processing rules in Graylog for
> message enrichment. https://github.com/alias454/graylog-bro-content-pack.
> On 12/9/18 9:12 AM, william de ping wrote:
>
> Hi all,
>
> I would appreciate recommendations for a DB server that is most suited for
> ingesting and digesting Bro logs.
>
> I know of some use cases involving splunk and the Splunk Bro app, but
> price and performance wise (10GBps incoming traffic) it does not seem to be
> the best solution out there.
>
> Does anyone have any experience with Bro and Elasticsearch | Redis |
> MySQL?
>
> I am looking into different solutions and would appreciate your thoughts.
>
> Thanks in advance
> B
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro