[Bro] using netmap framework of freebsd for installing bro
seth at corelight.com
Tue Aug 1 05:47:16 PDT 2017
This is surprisingly easy now! Through Corelight we sponsored several
development efforts in conjunction with the Netmap developers. One of
the biggest things missing is a way to load balance the traffic, but
the netmap respository has a tool in it now for doing that named "lb"
(load balancer). If you clone the netmap repository and build that
tool you'll be able to balance traffic from a single interface out to
a number of Bro processes. Conveniently it also has very nice logs
and can do buffering to help you weather traffic spikes.
Here's the help output from lb....
usage: lb [options]
where options are:
-h view help text
-i iface interface name (required)
-p [prefix:]npipes add a new group of output pipes
-B nbufs number of extra buffers (default: 0)
-b batch batch size (default: 2048)
-w seconds wait for link up (default: 2)
-W enable busy waiting. this will run your CPU at 100%
-s seconds seconds between syslog stats messages (default: 0)
-o seconds seconds between stdout stats messages (default: 0)
You would normally run it like this...
lb -i <sniffing interface> -p <number of Bro workers> -o 60
You give it the interface you are sniffing, how many Bro workers you
are going to run and "-o 60" makes it write logs to stdout every 60
seconds. I need to create a bro-pkg with the netmap plugin that will
make this all a bit easier too.
On Tue, Aug 1, 2017 at 5:56 AM, iraj norouzi <zeutech at gmail.com> wrote:
> hi everybody
> i try to install bro on freebsd and because of 10G interface and traffic i
> need to use of netmap framework of freebsd but firstly after upgrading
> freebsd port, it didn't upgrade to bro 2.5.1 so i had to download source of
> 2.5.1 and use it for installation secondly for installing bro with netmap
> framework i found Michael Shirk pdf which mention configure bro with netmap
> by --witch-netmap=/usr/src command but there is no --witch-netmap option for
> bro configuration, so please help me to install bro on freebsd 11 with
> netmap framework.
> Iraj Norouzi
> Bro mailing list
> bro at bro-ids.org
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
More information about the Bro