Are there any available benchmarks by which the community measures NIC selection? I.e., how do others know which hardware baseline to choose for a given traffic volume while using Zeek?
What’s your expected throughput? For anything from 1Gbit up just use Intel X710 based cards.
The Suricata running guide we wrote a while ago applies to Zeek as well.
https://github.com/pevma/SEPTun
https://github.com/pevma/SEPTun-Mark-II
Gone are the days of Myricoms, etc. It’s rather unlikely you will need dedicated capture cards either.
Thanks, I was unaware of these two guides. Appreciate the extra detail about probably not needing a dedicated card.
I’ll dig into these and drop more questions as they come up.