[Bro] - recommended DB for Bro logs
Zeolla@GMail.com
zeolla at gmail.com
Tue Dec 18 03:25:09 PST 2018
Regarding the kafka plugin, please be aware of
https://github.com/apache/metron-bro-plugin-kafka/pull/20
The issue only happens on shutdown, and that PR currently fixes it but more
root cause analysis is needed.
That issue is in the latest release, 0.2. master has some improved tests
and features, and once the above PR is merged we will be releasing 0.3.
Jon
On Tue, Dec 18, 2018, 2:08 AM william de ping <bill.de.ping at gmail.com>
wrote:
> Thank you all for your suggestions!
>
> I've decided to simultaneously deploy several solutions with the same
> traffic and benchmark them in retrospect.
> Candidates are oracle db, elk and splunk.
> Since no writer exists for all of the above DB's, I will use the kafka
> writer and use kafka queue as a middle man for each of the database
> consumers.
>
> I will update when results are in.
> Feel free to respond with any further insights
>
> B
>
> On Mon, Dec 10, 2018 at 12:06 AM bkeep <bkeep at alias454studios.com> wrote:
>
>> I've had some success using Graylog. I send BRO logs via rsyslog to a
>> Graylog collector and utilize pipeline processing rules in Graylog for
>> message enrichment. https://github.com/alias454/graylog-bro-content-pack.
>> On 12/9/18 9:12 AM, william de ping wrote:
>>
>> Hi all,
>>
>> I would appreciate recommendations for a DB server that is most suited
>> for ingesting and digesting Bro logs.
>>
>> I know of some use cases involving splunk and the Splunk Bro app, but
>> price and performance wise (10GBps incoming traffic) it does not seem to be
>> the best solution out there.
>>
>> Does anyone have any experience with Bro and ElasticSearch | Redis |
>> MySQL?
>>
>> I am looking into different solutions and would appreciate your thoughts.
>>
>> Thanks in advance
>> B
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
--
Jon Zeolla
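As an added illustration of the setup william describes above (Bro logs written to Kafka, with one consumer per backend), here is a small fan-out consumer. It is example code written for this thread, not code from any participant, from the Bro project or from metron-bro-plugin-kafka. It assumes each Kafka message carries one JSON log record, either bare or wrapped under its log name (the wrapped form is an assumption, not a documented plugin guarantee); the Kafka client itself is left out and replaced with constructed sample messages so the example runs offline.

```python
"""Fan out Bro/Zeek JSON log records from a Kafka topic to several sinks.

Example code for the mailing-list thread; not from the Bro project or the
Kafka plugin. Kafka I/O is replaced by the constructed messages below.
"""
import json
from datetime import datetime, timezone

# Constructed sample messages, shaped like JSON records a Kafka writer
# might emit. Two are wrapped under the log name, one is bare, one is junk.
SAMPLE_MESSAGES = [
    b'{"conn": {"ts": 1545128709.123, "uid": "CXy1", "id.orig_h": "10.0.0.5", '
    b'"id.orig_p": 51234, "id.resp_h": "93.184.216.34", "id.resp_p": 443, '
    b'"proto": "tcp", "conn_state": "SF"}}',
    b'{"dns": {"ts": 1545128710.5, "uid": "CXy2", "id.orig_h": "10.0.0.5", '
    b'"id.resp_h": "10.0.0.1", "query": "example.com", "qtype_name": "A", '
    b'"rcode_name": "NOERROR"}}',
    b'{"ts": 1545128711.0, "uid": "CXy3", "id.orig_h": "10.0.0.7", '
    b'"id.resp_h": "10.0.0.9"}',
    b'not json at all',
]

# Fixed schema for a relational consumer (hypothetical table layout).
CONN_COLUMNS = ("@timestamp", "uid", "id_orig_h", "id_orig_p",
                "id_resp_h", "id_resp_p", "proto", "conn_state")


def parse_record(raw, default_log):
    """Decode one message into (log_type, record); None if undecodable.

    A single-key object whose value is a dict is treated as the wrapped
    form {"conn": {...}}; anything else is a bare record attributed to
    default_log (e.g. one topic per log type).
    """
    try:
        obj = json.loads(raw)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(obj, dict):
        return None
    if len(obj) == 1:
        (log_type, inner), = obj.items()
        if isinstance(inner, dict):
            return log_type, inner
    return default_log, obj


def normalize(log_type, record):
    """Flatten dotted Bro field names and add an ISO-8601 @timestamp."""
    out = {"log_type": log_type}
    for key, value in record.items():
        out[key.replace(".", "_")] = value
    ts = record.get("ts")
    if isinstance(ts, (int, float)):
        dt = datetime.fromtimestamp(ts, tz=timezone.utc)
        out["@timestamp"] = dt.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return out


def es_bulk_body(records):
    """Build an Elasticsearch _bulk NDJSON body, one index per log per day."""
    lines = []
    for rec in records:
        day = rec.get("@timestamp", "unknown")[:10].replace("-", ".")
        index = "bro-%s-%s" % (rec["log_type"], day)
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(rec, sort_keys=True))
    return "\n".join(lines) + "\n"


def sql_rows(records, log_type, columns):
    """Rows for a fixed-schema relational table; absent fields become NULL."""
    return [tuple(rec.get(c) for c in columns)
            for rec in records if rec["log_type"] == log_type]


def fan_out(messages, default_log="conn"):
    """Consume raw messages, drop undecodable ones, build every sink payload."""
    records, dropped = [], 0
    for raw in messages:
        parsed = parse_record(raw, default_log)
        if parsed is None:
            dropped += 1      # count, don't crash, on a bad message
            continue
        records.append(normalize(*parsed))
    return {
        "count": len(records),
        "dropped": dropped,
        "es_bulk": es_bulk_body(records),
        "conn_rows": sql_rows(records, "conn", CONN_COLUMNS),
    }


if __name__ == "__main__":
    result = fan_out(SAMPLE_MESSAGES)
    print("records: %d, dropped: %d" % (result["count"], result["dropped"]))
    print(result["es_bulk"])
    for row in result["conn_rows"]:
        print(row)
```

The two sinks deliberately differ: the Elasticsearch path keeps every field and partitions by log type and day, while the relational path projects onto a fixed column list, which is where a schema mismatch between Bro versions would surface first in a benchmark like the one proposed above. Dotted field names are flattened because several backends treat a dot as a path separator.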