Issues with Zeek Log Analysis - Any Best Practices?

Hi all,

I have been using Zeek, which used to be called Bro, to process packets and look at network traffic from a security perspective. So far it has proven useful in my security monitoring capabilities. My only real problem is running into issues processing events in large quantities of log data.

When I analyze the HTTP logs, I run into delayed responses when I run into a lot of traffic.

I have Zeek configured to collect and log different events, but I do see some delays in my log analysis process. When I try to optimize my log processing pipeline, it helps a little, but not when a lot of data is involved. And I am not sure whether there is a better way to process logs during heavy traffic runs.

I came across this website: https://community.zeek.org/t/2-1-file-analysis-logging-in-2-2/3010/devops-Interview-Questions- but I am still facing issues.

I have been digging around the Zeek documentation and community discussion, but I am also interested in hearing whether anyone has come up with strategies for optimizing log analysis performance for Zeek, especially when there is a lot of heavy traffic. What types of practices, tools, or configurations, if any, have you implemented and found useful?

Thanks for your time and insight!
Best,
nepecudi

Hi.

Can you detail what you mean by "delayed responses"?

Does this mean that the log lines are written with a significant delay after an event happened? How long is the delay?