Module execution

Carl_Rotenan · May 9, 2018, 10:06pm

Hello,

I’m looking to squeeze every bit of performance out of my Bro implementation, and wanted to know:

Is there any over head that be turned off? I’m only looking to capture HTTP, SMTP, and FTP, extract any files in transit, and calculate a SHA1 hash of those files.
Are there any tips for writing fast event code? Are there any known slow moving operations?
Has anyone done any time execution analysis of their code and could share the results?

Thank you as always,

Carl

JonZeolla · May 9, 2018, 11:29pm

Are you optimizing for a specific piece of hardware? Knowing any constraints there will be helpful as there are some changes that can be made based off of the hardware setup or traffic composition/speeds.

Jon

Carl_Rotenan · May 10, 2018, 12:55am

I’m trying to get as close as I can to supporting 10Gbs. I’ve been running upwards of 18 workers supporting 1 10G Intel NIC. As I increase network traffic I’m getting packet loss, and want to explore the code as a bottleneck.

Topic		Replies	Views
Performance Enhancements Development development	13	177	May 6, 2022
building a new bro server Zeek	2	99	May 6, 2022
Performance questions Zeek	3	89	May 6, 2022
A more parallel Bro Zeek	2	61	May 6, 2022
question about bro's performance Zeek	1	86	May 6, 2022

Module execution

Related topics