[Bro] Version: 2.0-907 -- Bro manager memory exhaustion

Tritium Cat tritium.cat at gmail.com
Wed Aug 1 14:31:46 PDT 2012


On Wed, Aug 1, 2012 at 8:59 PM, Scott Campbell <scampbell at lbl.gov> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have noticed that there seems to be a large volume of "soft"
> information for high performance bro installations.  This is
> particularly true with PF_RING/DNA/libzero configuration and use.
> Finding nice simple examples are also a bit scarce.
>
> My proposal to address this is as follows: For anybody willing to
> document this info - something as simple as a cut and paste of the
> PF_RING/ixgbe startup configs and the node.cfg - I will purchase a
> beer*.  We will put this info up on the Bro web site for the
> edification of those staring into the abyss of 10 (or 100!) G.
>
> That is it.  This project is personal and not funded or supported by
> ICSI or anybody else for that matter.  Can you imagine the IRB?
>
> cheers!
> scott
>
> * Till I run out of money dedicated to the Bro documentation liquidity
> fund.  :-)
>
>

Here here.  This configures the IXGBE card at boot.


#!/bin/sh
################################
# bro_setup_capture.sh
#
#
# Load Intel Driver - allow_any_sfp patch applied to code
#                       to use cheap Finistar SFPs.  see [1] below.
#
#
#       [1] http://lasdkfjslkdf
#
rmmod ixgbe
modprobe ixgbe allow_any_sfp=1


# Turn on PF_RING
#       Have to recompile and reinstall after upgrading kernel.
#
rmmod pf_ring
modprobe pf_ring transparent_mode=2 enable_tx_capture=0


# Adjust interface features
#
ethtool -K eth5 rx off
ethtool -K eth5 tx off
ethtool -K eth5 sg off
ethtool -K eth5 tso off
#ethtool -K eth5 ufo off
ethtool -K eth5 gso off
ethtool -K eth5 gro off
ethtool -K eth5 lro off
ethtool -K eth5 rxvlan off
ethtool -K eth5 txvlan off
ethtool -K eth5 ntuple on
#
ethtool -s eth5 speed 10000 duplex full
ifconfig eth5 mtu 9600
ifconfig eth5 up

# Start bro, first check config.
#
#/usr/local/3rd-party/bin/broctl check
#/usr/local/3rd-party/bin/broctl start


This sets the capabilities after installing bro.


#!/bin/sh
#######################
# bro_set_capabilities.sh
#
# - After installing bro and setting ownership to bro, the
# capabilities need to be modified to allow packet capture.
#
# Make sure to edit lib/broctl/BroControl/install.py and adjust
# the 'Syncs' array: set 'bindir' and 'libdir' to False to avoid
# overwriting the binaries below.  This also helps when running
# the manager on a different platform (freebsd vs linux).
#
setcap cap_net_raw,cap_net_admin=eip /usr/local/3rd-party/bro/bin/bro
setcap cap_net_raw,cap_net_admin=eip /usr/local/3rd-party/bro/bin/capstats
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120801/ced8fe2e/attachment.html 


More information about the Bro mailing list