[Bro] using netmap framework of freebsd for installing bro

Seth Hall seth at corelight.com
Tue Aug 1 05:47:16 PDT 2017


This is surprisingly easy now!  Through Corelight we sponsored several
development efforts in conjunction with the Netmap developers.  One of
the biggest things missing is a way to load balance the traffic, but
the netmap repository has a tool in it now for doing that named "lb"
(load balancer).  If you clone the netmap repository and build that
tool you'll be able to balance traffic from a single interface out to
a number of Bro processes.  Conveniently it also has very nice logs
and can do buffering to help you weather traffic spikes.

Here's the help output from lb....

usage: lb [options]
where options are:
  -h               view help text
  -i iface         interface name (required)
  -p [prefix:]npipes add a new group of output pipes
  -B nbufs         number of extra buffers (default: 0)
  -b batch         batch size (default: 2048)
  -w seconds         wait for link up (default: 2)
  -W                    enable busy waiting. this will run your CPU at 100%
  -s seconds       seconds between syslog stats messages (default: 0)
  -o seconds       seconds between stdout stats messages (default: 0)

You would normally run it like this...

lb -i <sniffing interface> -p <number of Bro workers> -o 60

You give it the interface you are sniffing, how many Bro workers you
are going to run and "-o 60" makes it write logs to stdout every 60
seconds.  I need to create a bro-pkg with the netmap plugin that will
make this all a bit easier too.

  .Seth

On Tue, Aug 1, 2017 at 5:56 AM, iraj norouzi <zeutech at gmail.com> wrote:
> Hi everybody,
> I am trying to install Bro on FreeBSD, and because of the 10G interface and traffic I
> need to use the netmap framework of FreeBSD. Firstly, after upgrading the
> FreeBSD port, it didn't upgrade to Bro 2.5.1, so I had to download the source of
> 2.5.1 and use it for installation. Secondly, for installing Bro with the netmap
> framework I found Michael Shirk's PDF, which mentions configuring Bro with netmap
> by the --witch-netmap=/usr/src command, but there is no --witch-netmap option for
> Bro configuration, so please help me to install Bro on FreeBSD 11 with the
> netmap framework.
> Regards,
> Iraj Norouzi
> +989122494558



-- 
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com

