Minimal Bro?

I'm sure someone out there has done some performance profiling on Bro.
In just my rudimentary monitoring, I find that the running executable
requires anywhere from 5M to 7.2M of memory when running on my local
Linux host, looking at just my own network traffic. Size depends on
number of policies read. It looks to be fairly CPU-efficient in that it
hardly even registers on "top" when monitoring my local net.

I'm wondering if this memory footprint coincides with anyone else's
observations, and is there a way to reduce that footprint to something
smaller. I don't need Bro to have a huge policy; however, what I want
may require all of Bro's functionality. I'm just looking to do attack
detection (and hopefully blocking) (like the latest 10 "worm" signatures
that may be available).

Regards,

David L. Sames
McAfee Research
15204 Omega Drive
Rockville, MD 20850

301.947.7189 | Direct
301.527.0482 | Fax
david_sames@nai.com | E-mail
<www.mcafeesecurity.com> | Web

> In just my rudimentary monitoring, I find that the running executable
> requires anywhere from 5M to 7.2M of memory when running on my local

Hmm, that sounds suspiciously good. Even with reduce-memory.bro and on a
not too loaded net, Bro never takes less than 20MB in my case and often
bloats to 70MB. As for the CPU, it almost never shows up on top of top.