[Bro] - recommended DB for Bro logs

Zeolla@GMail.com zeolla at gmail.com
Tue Dec 18 03:25:09 PST 2018


Regarding the kafka plugin, please be aware of
https://github.com/apache/metron-bro-plugin-kafka/pull/20

The issue only happens on shutdown, and that PR currently fixes it but more
root cause analysis is needed.

That issue is in the latest release, 0.2.  master has some improved tests
and features, and once the above PR is merged we will be releasing 0.3.

Jon

On Tue, Dec 18, 2018, 2:08 AM william de ping <bill.de.ping at gmail.com>
wrote:

> Thank you all for your suggestions!
>
> I've decided to simultaneously deploy several solutions with the same
> traffic and benchmark them in retrospect.
> Candidates are Oracle DB, ELK and Splunk.
> Since no writer exists for all of the above DBs, I will use the Kafka
> writer and use a Kafka queue as a middleman for each of the database
> consumers.
>
> I will update when results are in.
> Feel free to respond with any further insights
>
> B
>
> On Mon, Dec 10, 2018 at 12:06 AM bkeep <bkeep at alias454studios.com> wrote:
>
>> I've had some success using Graylog. I send BRO logs via rsyslog to a
>> Graylog collector and utilize pipeline processing rules in Graylog for
>> message enrichment. https://github.com/alias454/graylog-bro-content-pack.
>>
>> On 12/9/18 9:12 AM, william de ping wrote:
>>
>> Hi all,
>>
>> I would appreciate recommendations for a DB server that is most suited
>> for ingesting and digesting Bro logs.
>>
>> I know of some use cases involving Splunk and the Splunk Bro app, but
>> price- and performance-wise (10GBps incoming traffic) it does not seem to be
>> the best solution out there.
>>
>> Does anyone have any experience with Bro and ElasticSearch | Redis |
>> MySQL?
>>
>> I am looking into different solutions and would appreciate your thoughts.
>>
>> Thanks in advance
>> B
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>

-- 

Jon Zeolla
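The "Kafka queue as a middleman" layout discussed above (Bro writing through the Kafka plugin, one consumer per candidate database) needs a consumer-side step that most people only discover when the first DB load fails: splitting the tagged JSON, renaming Bro's dotted column names, and turning the epoch-float `ts` into a timestamp the store can index. The script below is an added example written for this thread; it is not code from the metron-bro-plugin-kafka project, from Bro, or from any poster. It assumes the message shape the plugin produces when `Kafka::tag_json` is enabled, `{"<log stream>": {<record fields>}}`, one JSON document per Kafka message. The Kafka client is replaced by an inline list of constructed messages so it runs offline; the sink lists, `FanOut`, `route_messages` and the sample values are all invented for illustration.

```python
"""
Fan-out of tagged JSON Bro logs to per-log-type consumers.

Added illustration for this thread, not code from the Kafka plugin, from
Bro, or from any poster.  It assumes the message shape the
metron-bro-plugin-kafka writer produces when Kafka::tag_json is enabled,
{"<log stream>": {<record fields>}}, one JSON document per Kafka message.
The Kafka client itself is replaced by an inline list of constructed
messages so the script runs offline; a real consumer would read the topic
and call FanOut.consume() once per message.
"""
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Constructed sample messages.  Field names follow the standard Bro
# conn.log / dns.log columns; every value is made up for this example.
SAMPLE_MESSAGES = [
    '{"conn": {"ts": 1545124400.123456, "uid": "CHhAvVGS1DHFjwGM9", '
    '"id.orig_h": "10.0.0.5", "id.orig_p": 51234, "id.resp_h": "93.184.216.34", '
    '"id.resp_p": 443, "proto": "tcp", "duration": 0.42, '
    '"orig_bytes": 1200, "resp_bytes": 5400}}',
    '{"dns": {"ts": 1545124401.5, "uid": "CmES5u32sYpV7JYN", '
    '"id.orig_h": "10.0.0.5", "id.orig_p": 40000, "id.resp_h": "10.0.0.1", '
    '"id.resp_p": 53, "proto": "udp", "query": "example.com", '
    '"qtype_name": "A", "rcode_name": "NOERROR"}}',
    'not json at all',  # malformed: must be rejected, not crash the consumer
    '{"conn": {"ts": 1545124402.0, "uid": "C3mJ8a1WqkXo2", '
    '"id.orig_h": "10.0.0.7", "id.orig_p": 8, "id.resp_h": "10.0.0.8", '
    '"id.resp_p": 0, "proto": "icmp"}}',
]


def parse_message(raw: str) -> Optional[Tuple[str, dict]]:
    """Split one tag_json message into (stream name, record).

    Returns None for anything that is not a single-key JSON object whose
    value is a record carrying a `ts` field, so a bad message is dropped
    instead of stalling the consumer.
    """
    try:
        outer = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(outer, dict) or len(outer) != 1:
        return None
    stream, record = next(iter(outer.items()))
    if not isinstance(record, dict) or "ts" not in record:
        return None
    return stream, record


def normalize(record: dict) -> dict:
    """Make a Bro record easier to load into a relational or document store.

    Bro column names such as `id.orig_h` contain dots, which most SQL
    engines do not accept as unquoted column names and which Elasticsearch
    expands into nested objects; they are renamed to `id_orig_h`.  The
    epoch-float `ts` is kept and an ISO-8601 UTC copy is added for stores
    that index on a timestamp type.
    """
    out = {key.replace(".", "_"): value for key, value in record.items()}
    when = datetime.fromtimestamp(float(record["ts"]), tz=timezone.utc)
    out["ts_iso"] = when.isoformat(timespec="microseconds").replace("+00:00", "Z")
    return out


@dataclass
class FanOut:
    """Routes records by log stream; each list stands in for one DB consumer."""
    sinks: Dict[str, List[dict]] = field(default_factory=dict)
    rejected: int = 0

    def consume(self, raw: str) -> bool:
        parsed = parse_message(raw)
        if parsed is None:
            self.rejected += 1
            return False
        stream, record = parsed
        self.sinks.setdefault(stream, []).append(normalize(record))
        return True


def route_messages(messages: List[str]) -> FanOut:
    """Run every message through the fan-out and return the filled sinks."""
    fanout = FanOut()
    for raw in messages:
        fanout.consume(raw)
    return fanout


if __name__ == "__main__":
    result = route_messages(SAMPLE_MESSAGES)
    for stream, records in sorted(result.sinks.items()):
        print(f"{stream}: {len(records)} record(s), first at {records[0]['ts_iso']}")
    print(f"rejected: {result.rejected}")
```

Counting rejected messages rather than raising on them matters for the benchmark described above: a single unparseable record from one writer should not stop the feed to the other two candidate stores, and the rejected count is itself a number worth comparing across the runs.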