[Bro] Endace card native support for Bro

Robin Sommer robin at icir.org
Thu Jul 23 08:07:54 PDT 2015


It's not supported anymore. We used to have native support for Endace
cards but it hadn't been maintained for a while and was thus removed.
That said, it shouldn't be that hard to add it back now through an
external plugin (plugins are in Bro 2.4). It would just take somebody
familiar with the API.

Robin

On Thu, Jul 23, 2015 at 14:12 +0000, MILLER, BRAD L wrote:

> Hello-
> 
> I am making some new monitoring systems based mostly on Bro, and my company has purchased 10G Endace cards to make things pretty awesome.  That said, I am finding some indications that Bro can support the Endace card API directly if you compile with “--with-DAG=/path/to/dagtool/installation” but this seemed to be experimental long ago, and rumors circulated of it being dropped at some point.  I can’t seem to find any indication in the official docs about retained or dropped native Endace card support.  The official changelog only cites the introduction of experimental support long ago.
> 
> Can I have confirmation that this is still supported?  Is it stable?  Is it going to be retained as far as anyone knows?  I am using Bro 2.3.x on RHEL x64.
> 
> 
> 
> Brad Miller | Comerica Bank
> Information Security Architecture
> IT Security
> Office: 248.371.4249  | Mobile: 920.378.8138
> 
> 
> 


-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin

