100G Bro monitoring technical paper

Vincent_Stoffer · August 10, 2015, 3:53pm

Hello,

As announced at Brocon, we have completed the technical document which describes the architecture of our 100G Bro monitoring system. As part of our project, we created this comprehensive document meant to be shared widely within the security community:

http://go.lbl.gov/100g

The document begins with the background and design decisions and then describes the build process including specific part numbers and configurations. We also include a review of performance and a description of our shunting mechanism, which increases performance by removing large and long-running flows from analysis.

Please feel free to share this link and the document with anyone and direct any questions or comments to security@lbl.gov. A huge thanks to the many folks in our community who helped influence the design of the system and this document.

Thank you,

Vince

Joe_Blow · August 10, 2015, 11:00pm

This is an amazing document. It has pretty much everything you’d need to get off the ground. Arista configs, Bro configs, Bro hardware specs… They did pretty much everything except build it for you.

Add a logging cluster and you’ve got an amazing analytics platform on top of all of your packets.

Fantastic work fellas.

Cheers,

JB

Topic		Replies	Views
Monitoring 10gig. Zeek	1	69	May 6, 2022
recommendations for 10, 40, and 100 Gbit NICS Zeek	1	130	May 6, 2022
Bro News #7 Zeek	1	72	May 6, 2022
nit in scan.bro Zeek	1	82	May 6, 2022
Bro Digest, Vol 150, Issue 14 Zeek	1	85	May 6, 2022

100G Bro monitoring technical paper

Related topics