[Bro] Broctl pf_ring_DNA support / Bro at 100G

Daniel Thayer dnthayer at illinois.edu
Wed Oct 30 10:40:13 PDT 2013


On 10/30/2013 11:43 AM, Gary Faulkner wrote:
> Hello,
>
> We recently lit up a 100G link and are attempting to tackle migrating
> our IDS and monitoring infrastructure from 10G to 100G capabilities. We
> have an existing set of servers that we are using to evaluate SNORT,
> Suricata and Bro on with a 100G Gigamon upstream. For purposes of a Bro
> proof of concept I have two of the following Dell 720s to start from:
>
> Dell 720XD
> 64 G RAM (1600 MHz RDIMMS)
> 30TB (usable) RAID 6 7.2K RPM SAS 6Gbps
> 2 146GB 15K RPM SAS 6Gbps
> 2 Intel Xeon E5-2670 2.60GHz, 20M Cache, 8.0GT/s QPI, Turbo, 8C
> 3 Intel X520 DP 10Gb DA/SFP+
>
> I'm starting from build 2.2-beta-114 and looking at using it and PF_RING
> with the DNA drivers for the Intel cards for now as some of the other
> popular cards are "complicated" for us to get approval to purchase. I
> haven't found much info on running Bro this way other than issue ID 845
> <https://bro-tracker.atlassian.net/browse/BIT-845> and even that only
> suggests that there is a Bro Control plugin in the works for this, but
> that it may not be fully tested yet. Has anyone tried the plugin yet or
> have any experience configuring Bro and PF_RING/DNA to work together?
>
> Regards,
>
> --
> Gary Faulkner
> UW Madison
> Office of Campus Information Security
> 608-262-8591

If you want to test the PF_RING/DNA plugin, then you'll need to use
the BroControl in the branch "topic/dnthayer/ticket845" (in the broctl
git repo), but I'm not sure if anyone has successfully used it yet.



