What is the speed of the Reflector?

Owned by Carlos Osorio
Nov 10, 2020
1 min read


SUMMARY

The Snare Server Collector / Reflector is a very flexible tool for filtering and editing event log data. It is capable of filtering events on a per-destination basis. It can convert data from one format to another, and it can even modify the event information on the fly to suit your target SIEM server or syslog destination.

The reflector speed is largely dependent on the speed of the server it runs on. It can do around 50k EPS on desktop hardware. There are also some other factors that affect the speed:

  • the number of filters in place as they add a small amount of overhead for each one

  • UDP, TCP and TLS will also operate at slightly different speeds

  • the speed of the end collection system, as it depends on how fast it can take events as the reflector will throttle down to the speed of this other end point when using TCP or TLS.