[Bro] Broctl pf_ring_DNA support / Bro at 100G
Gary Faulkner
gary at doit.wisc.edu
Wed Oct 30 09:43:52 PDT 2013
Hello,
We recently lit up a 100G link and are attempting to tackle migrating
our IDS and monitoring infrastructure from 10G to 100G capabilities. We
have an existing set of servers that we are are using to evaluate SNORT,
Suricata and Bro on with a 100G Gigamon upstream. For purposes of a Bro
proof of concept I have two of the following Dell 720s to start from:
Dell 720XD
64 G RAM (1600 MHz RDIMMS)
30TB (usable) RAID 6 7.2K RPM SAS 6Gbps
2 146GB 15K RPM SAS 6Gbps
2 Intel Xeon E5-2670 2.60GHz, 20M Cache, 8.0GT/s QPI, Turbo, 8C
3 Intel X520 DP 10Gb DA/SFP+
I'm starting from build 2.2-beta-114 and looking at using it and PF_RING
with the DNA drivers for the Intel cards for now as some of the other
popular cards are "complicated" for us to get approval to purchase. I
haven't found much info on running Bro this way other than issue ID 845
<https://bro-tracker.atlassian.net/browse/BIT-845> and even that only
suggests that there is a Bro Control plugin in the works for this, but
that it may not be fully tested yet. Has anyone tried the plugin yet or
have any experience configuring Bro and PF_RING/DNA to work together?
Regards,
--
Gary Faulkner
UW Madison
Office of Campus Information Security
608-262-8591
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131030/65337af4/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6257 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131030/65337af4/attachment.bin
More information about the Bro
mailing list