[Bro] Endace card native support for Bro

MILLER, BRAD L BLMILLER at comerica.com
Thu Jul 23 07:12:40 PDT 2015


I am making some new monitoring systems based mostly on Bro, and my company has purchased 10G Endace cards to make things pretty awesome. That said, I am finding some indications that Bro can support the Endace card API directly if you compile with “--with-DAG=/path/to/dagtool/installation”, but this seemed to be experimental long ago, and rumors circulated of it being dropped at some point. I can’t seem to find any indication in the official docs about retained or dropped native Endace card support. The official changelog only cites the introduction of experimental support long ago.

Can I have confirmation that this is still supported? Is it stable? Is it going to be retained as far as anyone knows? I am using Bro 2.3.x on RHEL x64.

Brad Miller | Comerica Bank
Information Security Architecture
IT Security
Office: 248.371.4249  | Mobile: 920.378.8138
