I am running Bro in cluster mode using pf_ring to make it utilize the different cores of a system. Now I am wondering if the Bro devs have outlined the hardware requirements to be able to handle about 1gbps traffic. Specifically
Regards,
Vikram Basu
Seceon Inc.
Hi,
no, we don't really have exact hardware requirements/specifications
outlined anywhere since this is really dependent on your traffic - and
available hardware changes all the time. Since 1GB of mixed traffic is not
really all that much I assume that you are ok with any recent hardware
with a number of CPUs and a bit of Ram (10GB or so available per Bro
process should be enough).
There are a couple of postings on this mailing list that talk about the
configuration that some people use; however the most recent one I can find
was at the beginning of 2016: http://mailman.icsi.berkeley.edu/pipermail/bro/2016-January/009481.html
Johanna