[Bro] using netmap framework of freebsd for installing bro
shirkdog.bsd at gmail.com
Tue Aug 1 07:57:25 PDT 2017
You will want to look at the how-to for the netmap plugin on GitHub as
things have changed. However...the how-to has moved.
Seth, where is that info for the plugins now that they are packages?
Daemon Security, Inc.
On Aug 1, 2017 10:16 AM, "iraj norouzi" <zeutech at gmail.com> wrote:
> Thanks for your reply, Seth.
> As mentioned at
> https://www.bro.org/sphinx/components/bro-plugins/netmap/README.html
> for using the netmap framework with Bro, if there is no customization of
> netmap you don't need to use the --with-netmap option, and if you
> customized netmap you need to pass the netmap option. But when I use
> ./configure --help I don't find any --with-netmap option, and because of
> that I installed Bro and tested it with the bro -N Bro::Netmap command on
> the URL I gave: "error in
> /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Bro::Netmap
> is not available
> fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
> Failed to activate requested dynamic plugin(s)", while when I use tcpdump -i
> netmap:ocs0 it recognized netmap.
> So please, can you give me the manual for installing Bro with netmap and
> testing its functionality?
> As I read on the internet, I can run workers equal to my CPU cores, and I
> have 12 CPU cores.
> Regards,
> Iraj Norouzi
> +989122494558
> On Tue, Aug 1, 2017 at 5:17 PM, Seth Hall <seth at corelight.com> wrote:
>> This is surprisingly easy now! Through Corelight we sponsored several
>> development efforts in conjunction with the Netmap developers. One of
>> the biggest things missing is a way to load balance the traffic, but
>> the netmap repository has a tool in it now for doing that named "lb"
>> (load balancer). If you clone the netmap repository and build that
>> tool you'll be able to balance traffic from a single interface out to
>> a number of Bro processes. Conveniently it also has very nice logs
>> and can do buffering to help you weather traffic spikes.
>> Here's the help output from lb....
>> usage: lb [options]
>> where options are:
>>   -h                  view help text
>>   -i iface            interface name (required)
>>   -p [prefix:]npipes  add a new group of output pipes
>>   -B nbufs            number of extra buffers (default: 0)
>>   -b batch            batch size (default: 2048)
>>   -w seconds          wait for link up (default: 2)
>>   -W                  enable busy waiting. this will run your CPU at
>>   -s seconds          seconds between syslog stats messages (default: 0)
>>   -o seconds          seconds between stdout stats messages (default: 0)
>> You would normally run it like this...
>> lb -i <sniffing interface> -p <number of Bro workers> -o 60
>> You give it the interface you are sniffing, how many Bro workers you
>> are going to run and "-o 60" makes it write logs to stdout every 60
>> seconds. I need to create a bro-pkg with the netmap plugin that will
>> make this all a bit easier too.
>> On Tue, Aug 1, 2017 at 5:56 AM, iraj norouzi <zeutech at gmail.com> wrote:
>> > Hi everybody,
>> > I am trying to install Bro on FreeBSD, and because of the 10G interface
>> > and traffic I need to use the netmap framework of FreeBSD. Firstly,
>> > after upgrading the FreeBSD port, it didn't upgrade to Bro 2.5.1, so I
>> > had to download the source of 2.5.1 and use it for installation.
>> > Secondly, for installing Bro with the framework, I found Michael
>> > Shirk's PDF, which mentions configuring Bro with the
>> > --witch-netmap=/usr/src command, but there is no --witch-netmap option
>> > for Bro configuration, so please help me install Bro on FreeBSD 11 with
>> > the netmap framework.
>> > Regards,
>> > Iraj Norouzi
>> > +989122494558
>> > _______________________________________________
>> > Bro mailing list
>> > bro at bro-ids.org
>> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com