[Bro] multiple workers per cluster node
William Jones
jones at tacc.utexas.edu
Fri Mar 4 15:52:23 PST 2011
Instead of
For each worker I have this:
[nids-21a]
type=worker
host=10.142.148.21
interface=eth4
[nids-21b]
type=worker
host=10.142.148.21
interface=eth5
Try:
For each worker I have this:
[nids-21]
type=worker
host=10.142.148.21
interface=eth4 -Ieth5
If you node had motile nodes you can write a pcap filter to split the ip space into multiples of 2,4 or 8 and run 2, 4, or 8 instance on the node.
This set up allow one bro instance to see by sides of the same flow and will allow you to take advanced of all the cpu on a node.
Bill Jones
-----Original Message-----
From: bro-bounces at bro-ids.org [mailto:bro-bounces at bro-ids.org] On Behalf Of Dop
Sent: Friday, March 04, 2011 4:30 PM
To: bro at bro-ids.org
Subject: [Bro] multiple workers per cluster node
Hopefully quick question. How would you go about configuring Bro cluster
nodes to each run dual clients (one per input interface)?
Ie, all of my systems have input sources on eth4 and eth5. Instead of
bonding those together and running a single Bro thread on bond0, I'd
rather have two. Something is getting super confused when I try to do it:
For each worker I have this:
[nids-21a]
type=worker
host=10.142.148.21
interface=eth4
[nids-21b]
type=worker
host=10.142.148.21
interface=eth5
[BroControl] > start
starting manager ...
starting proxy-1 ...
starting nids-21a ...
starting nids-21b ...
starting nids-22a ...
starting nids-22b ...
starting nids-23a ...
starting nids-23b ...
starting nids-24a ...
starting nids-24b ...
(nids-22a still initializing)
(nids-21b still initializing)
(nids-23b still initializing)
(nids-21a still initializing)
What's strange is that it seems to fail unevenly. Fails totally on 21,
partially on 22 and 23, but works on 24. It's always the same nodes
failing.
Thanks,
-Dop
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list