[Bro] Trying to get Bro to share Myricom cards with tcpdump or Snort

Glenn Forbes Fleming Larratt gl89 at cornell.edu
Fri Mar 20 08:18:29 PDT 2015


Can anyone point to a Bro+Snort HOWTO that would help me get Myricom cards 
to share?

1. Following the directions at


doesn't really help, because my Bro deployment is a cluster, and the 
environmental variables don't propagate to my worker hosts - in fact,
/proc/{bro_pid}/environ is 0-length on all the processes on the worker 

2. I tried to reverse-engineer how Security Onion does it, but I didn't 
really glean anything that would help.

Thanks for any info,
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

More information about the Bro mailing list