traffic vs log size

Brian_Wylie · September 24, 2017, 9:52pm

Hi All,

I know these questions have lots of variables and ‘it depends’ but modulo that, I’m looking for anecdotal information on the ‘data reduction’ that happens with bro logs.

Example:

The tap/span sees 2TBytes of traffic per day.
All the bro logs files for that day are approx 4GBytes on disk.

So in this case the log files are giving about a 500x reduction in data. Again I know there are lots of factors… just looking for a few data points from folks running Bro on a daily basis. In particular I’d like to get numbers for uncompressed log sizes.

Thanks in advance,
-Bri

JonZeolla · September 25, 2017, 11:49am

My bro sensors are sent about 56TB/day and log around 600GB/day uncompressed.

Jon

Bible_Landy · September 25, 2017, 1:13pm

Sample size of one day… 138.5 GB of traffic, 12.6 GB of logs.

Brian_Wylie · September 25, 2017, 6:12pm

Thanks for the info guys…

Topic		Replies	Views
Get the license usage down in Splunk when indexing Bro Zeek	2	87	May 6, 2022
logging in bro Zeek	1	84	May 6, 2022
Daily report and Byte Transfer Pairs Zeek	1	82	May 6, 2022
logging in bro Zeek	1	138	May 6, 2022
Bro performance & sizing question Zeek	3	109	May 6, 2022

traffic vs log size

Related topics