[Bro] Trying to get Bro to share Myricom cards with tcpdump or Snort

Glenn Forbes Fleming Larratt gl89 at cornell.edu
Fri Mar 20 12:00:26 PDT 2015


What a resource this list is! Thanks to Brandon, Aashish, and Michał, I 
have the answer I need - configuring "env_vars=" in Bro's node.cfg file
did the trick.

Many thanks!


Glenn Forbes Fleming Larratt
Cornell University IT Security Office

On Fri, 20 Mar 2015, Glenn Forbes Fleming Larratt wrote:

> Folks,
> Can anyone point to a Bro+Snort HOWTO that would help me get Myricom cards
> to share?
> 1. Following the directions at
>   https://www.myricom.com/software/sniffer10g/995-how-can-i-direct-sniffer10g-traffic-to-multiple-applications-using-snf-app-id.html
> doesn't really help, because my Bro deployment is a cluster, and the
> environmental variables don't propagate to my worker hosts - in fact,
> /proc/{bro_pid}/environ is 0-length on all the processes on the worker
> hosts.
> 2. I tried to reverse-engineer how Security Onion does it, but I didn't
> really glean anything that would help.
> Thanks for any info,

More information about the Bro mailing list