200GB a day - traffic or flows?
John Gerth
gerth at graphics.stanford.edu
Wed Aug 3 13:37:05 EDT 2011
On 8/3/11 7:46 AM, Jonathan Tripathy wrote:
>
> Do you think argus is able to handle a setup using standard hardware which pushes 200GB a day? I intend to run argus on the actual servers, and have a
> dedicated server for reading the stream and writing it out to a database. No switch port mirroring involved.
>
> Do this sound reasonable?
>
Are you talking about 200GB/day of network traffic or 200GB/day of argus flows?
On the small network I monitor, we have one argus sensor on a commodity Dell Precision 490
with a single dual core Xeon 5160, 2GB RAM and a 10G NIC.
The system sees 4-5TB/day from which it generates 40-50M flows/day to local disk.
A second system also connects to the radium instance and inserts the live stream
in a relational DB for realtime analysis.
--
John Gerth gerth at graphics.stanford.edu
More information about the argus
mailing list