[Bro] Trying to get Bro to share Myricom cards with tcpdump or Snort

Glenn Forbes Fleming Larratt gl89 at cornell.edu
Fri Mar 20 08:18:29 PDT 2015


Folks,

Can anyone point to a Bro+Snort HOWTO that would help me get Myricom cards 
to share?

1. Following the directions at

   https://www.myricom.com/software/sniffer10g/995-how-can-i-direct-sniffer10g-traffic-to-multiple-applications-using-snf-app-id.html

doesn't really help, because my Bro deployment is a cluster, and the 
environmental variables don't propagate to my worker hosts - in fact,
/proc/{bro_pid}/environ is 0-length on all the processes on the worker 
hosts.

2. I tried to reverse-engineer how Security Onion does it, but I didn't 
really glean anything that would help.

Thanks for any info,
-- 
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

