[Bro] using netmap framework of freebsd for installing bro

Seth Hall seth at corelight.com
Wed Aug 2 18:30:18 PDT 2017


Sorry about that.  Unfortunately I suggested it as things are in flux. :(

I'm hoping in the next few days I can find some time to repackage the
netmap plugin into a Bro package that people can install through the
package manager.

  .Seth

On Tue, Aug 1, 2017 at 10:57 AM, Michael Shirk <shirkdog.bsd at gmail.com> wrote:
> You will want to look at the how-to for the netmap plugin on GitHub as
> things have changed. However...the how-to has moved.
>
> Seth, where is that info for the plugins now that they are packages?
>
>
> --
> Michael Shirk
> Daemon Security, Inc.
> https://www.daemon-security.com
>
> On Aug 1, 2017 10:16 AM, "iraj norouzi" <zeutech at gmail.com> wrote:
>>
>> thanks for your reply Seth
>> as mentioned at the
>> https://www.bro.org/sphinx/components/bro-plugins/netmap/README.html for
>> using netmap framework with Bro if there is no customization on netmap you
>> don't need to use --with-netmap option and if you customized netmap it needs
>> to assign netmap option, but when i use ./configure --help i don't find any
>> --with-netmap option and because of that i installed Bro and test it by bro
>> -N Bro::Netmap command on the URL i gave "error in
>> /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Bro::Netmap is
>> not available
>> fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: Failed
>> to activate requested dynamic plugin(s)" while when i use tcpdump -i
>> netmap:ocs0 it recognized netmap.
>> so please can you give me the manual for installing bro with netmap and
>> test the functionality of that.
>> as i read on the internet i can run workers equal to my CPU cores and i
>> have 12 CPU core.
>>
>> Regards,
>> Iraj Norouzi
>> +989122494558
>>
>> On Tue, Aug 1, 2017 at 5:17 PM, Seth Hall <seth at corelight.com> wrote:
>>>
>>> This is surprisingly easy now!  Through Corelight we sponsored several
>>> development efforts in conjunction with the Netmap developers.  One of
>>> the biggest things missing is a way to load balance the traffic, but
>>> the netmap repository has a tool in it now for doing that named "lb"
>>> (load balancer).  If you clone the netmap repository and build that
>>> tool you'll be able to balance traffic from a single interface out to
>>> a number of Bro processes.  Conveniently it also has very nice logs
>>> and can do buffering to help you weather traffic spikes.
>>>
>>> Here's the help output from lb....
>>>
>>> usage: lb [options]
>>> where options are:
>>>   -h               view help text
>>>   -i iface         interface name (required)
>>>   -p [prefix:]npipes add a new group of output pipes
>>>   -B nbufs         number of extra buffers (default: 0)
>>>   -b batch         batch size (default: 2048)
>>>   -w seconds         wait for link up (default: 2)
>>>   -W               enable busy waiting. this will run your CPU at 100%
>>>   -s seconds       seconds between syslog stats messages (default: 0)
>>>   -o seconds       seconds between stdout stats messages (default: 0)
>>>
>>> You would normally run it like this...
>>>
>>> lb -i <sniffing interface> -p <number of Bro workers> -o 60
>>>
>>> You give it the interface you are sniffing, how many Bro workers you
>>> are going to run and "-o 60" makes it write logs to stdout every 60
>>> seconds.  I need to create a bro-pkg with the netmap plugin that will
>>> make this all a bit easier too.
>>>
>>>   .Seth
>>>
>>> On Tue, Aug 1, 2017 at 5:56 AM, iraj norouzi <zeutech at gmail.com> wrote:
>>> > hi everybody
>>> > i try to install bro on freebsd and because of 10G interface and
>>> > traffic i
>>> > need to use of netmap framework of freebsd but firstly after upgrading
>>> > freebsd port, it didn't upgrade to bro 2.5.1 so i had to download
>>> > source of
>>> > 2.5.1 and use it for installation secondly for installing bro with
>>> > netmap
>>> > framework i found Michael Shirk pdf which mention configure bro with
>>> > netmap
>>> > by --witch-netmap=/usr/src command but there is no --witch-netmap
>>> > option for
>>> > bro configuration, so please help me to install bro on freebsd 11 with
>>> > netmap framework.
>>> > Regards,
>>> > Iraj Norouzi
>>> > +989122494558
>>> >
>>> > _______________________________________________
>>> > Bro mailing list
>>> > bro at bro-ids.org
>>> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>
>>>
>>>
>>> --
>>> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
>>
>>
>>



-- 
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
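
Added example, not part of the thread and not code from the Bro or netmap projects: a shell preflight that runs the `bro -N Bro::Netmap` check quoted above and, only if the plugin loads, prints the `lb` command line Seth describes. The function names are hypothetical; `ocs0` is the interface name used in the thread.

```sh
#!/bin/sh
# Added example: check the two prerequisites from this thread before any
# Bro worker is started on a netmap interface. Function names are hypothetical.

# plugin_available BRO_CMD
# Runs "BRO_CMD -N Bro::Netmap" (the check used in the thread). Succeeds only
# if the command exits 0 and does not print the "not available" error.
plugin_available() {
    out=$("$1" -N Bro::Netmap 2>&1) || return 1
    case $out in
        *"plugin Bro::Netmap is not available"*) return 1 ;;
    esac
    return 0
}

# lb_command IFACE WORKERS [STATS_SECONDS]
# Prints the lb invocation from the thread (-i, -p, -o). Rejects an empty
# interface name and a worker count that is not a positive integer.
lb_command() {
    iface=$1 workers=$2 stats=${3:-60}
    [ -n "$iface" ] || { echo "interface name required" >&2; return 2; }
    case $workers in
        ''|*[!0-9]*|0*)
            echo "worker count must be a positive integer" >&2; return 2 ;;
    esac
    case $stats in
        ''|*[!0-9]*)
            echo "stats interval must be a number of seconds" >&2; return 2 ;;
    esac
    printf 'lb -i %s -p %s -o %s\n' "$iface" "$workers" "$stats"
}

# preflight BRO_CMD IFACE WORKERS
# Prints the lb command only when the plugin check passes, so a missing
# plugin is caught before the load balancer and workers are started.
preflight() {
    if ! plugin_available "$1"; then
        echo "Bro::Netmap plugin not loadable by $1; install it first" >&2
        return 1
    fi
    lb_command "$2" "$3"
}
```

Source the file and call, for example, `preflight bro ocs0 4`; the printed command is not executed by the script.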