[Zeek] Projected Throughput
Johanna Amann
johanna at icir.org
Fri Apr 5 20:24:50 PDT 2019
Hi,
I know this is a bit late, but still...
> I've built a 1U box (Xeon Bronze-3104 / 16 GB RAM / 10GBase-T ports with
> Intel X557) and I'm wondering if it's able to manage a certain level of
> traffic; in this case, a sustained daily rate of 10MBps, spiking at
> 15MBps (please note, MBps, not Mbps - I know I could easily handle a
> sustained 15 Mbps). I'll be analyzing traffic on a large corporate
> network. What do you think? Is it underpowered? Way overboard? Any best
> guesses about the max level of throughput it could handle?
15 megabytes per second is still only around 120 megabit per second. While
it always depends on the traffic, for the things that I have typically
seen you should not have any problems; I am not even sure if you will need
a cluster setup for that, a standalone Bro process might be enough.
Johanna
More information about the Zeek
mailing list