[Bro] Endace card native support for Bro

Aaron Gee-Clough lists at g-clef.net
Thu Jul 23 08:29:55 PDT 2015 

I'm using an Endace card with Bro right now. I'm doing it through
libpcap, not directly, though. I just compiled libpcap for the dag card,
then point bro to that libpcap.

aaron

On 07/23/2015 10:12 AM, MILLER, BRAD L wrote:
> Hello-
> 
>  
> 
> I am making some new monitoring systems based mostly on Bro, and my
> company has purchased 10G Endace cards to make things pretty awesome. 
> That said, I am finding some indications that Bro can support the Endace
> card API directly if you compile with
> “--with-DAG=/path/to/dagtool/installation” but this seemed to be
> experimental long ago, and rumors circulated of it being dropped at some
> point.  I can’t seem to find any indication in the official docs about
> retained or dropped support native Endace card support.  The official
> changelog only cites the introduction of experimental support long ago. 
> 
>  
> 
> Can I have confirmation that this is still supported?  Is stable?  Is
> going to be retained as far as anyone knows?  I am using Bro 2.3.x on
> RHEL x64. 
> 
>  
> 
>  
> 
>  
> 
> Brad Miller | Comerica Bank
> 
> Information Security Architecture
> 
> IT Security
> 
> Office: 248.371.4249  | Mobile: 920.378.8138
> 
>  
> 
> 
> 
> Please be aware that if you reply directly to this particular message,
> your reply may not be secure. Do not use email to send us communications
> that contain unencrypted confidential information such as passwords,
> account numbers or Social Security numbers. If you must provide this
> type of information, please visit comerica.com to submit a secure form
> using any of the ”Contact Us” forms. In addition, you should not send
> via email any inquiry or request that may be time sensitive. The
> information in this e-mail is confidential. It is intended for the
> individual or entity to whom it is addressed. If you have received this
> email in error, please destroy or delete the message and advise the
> sender of the error by return email.
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

More information about the Bro mailing list