[Bro] Endace card native support for Bro
Aaron Gee-Clough
lists at g-clef.net
Thu Jul 23 08:29:55 PDT 2015
I'm using an Endace card with Bro right now. I'm doing it through
libpcap, not directly, though. I just compiled libpcap for the dag card,
then point bro to that libpcap.
aaron
On 07/23/2015 10:12 AM, MILLER, BRAD L wrote:
> Hello-
>
>
>
> I am making some new monitoring systems based mostly on Bro, and my
> company has purchased 10G Endace cards to make things pretty awesome.
> That said, I am finding some indications that Bro can support the Endace
> card API directly if you compile with
> “--with-DAG=/path/to/dagtool/installation” but this seemed to be
> experimental long ago, and rumors circulated of it being dropped at some
> point. I can’t seem to find any indication in the official docs about
> retained or dropped support native Endace card support. The official
> changelog only cites the introduction of experimental support long ago.
>
>
>
> Can I have confirmation that this is still supported? Is stable? Is
> going to be retained as far as anyone knows? I am using Bro 2.3.x on
> RHEL x64.
>
>
>
>
>
>
>
> Brad Miller | Comerica Bank
>
> Information Security Architecture
>
> IT Security
>
> Office: 248.371.4249 | Mobile: 920.378.8138
>
>
>
>
>
> Please be aware that if you reply directly to this particular message,
> your reply may not be secure. Do not use email to send us communications
> that contain unencrypted confidential information such as passwords,
> account numbers or Social Security numbers. If you must provide this
> type of information, please visit comerica.com to submit a secure form
> using any of the ”Contact Us” forms. In addition, you should not send
> via email any inquiry or request that may be time sensitive. The
> information in this e-mail is confidential. It is intended for the
> individual or entity to whom it is addressed. If you have received this
> email in error, please destroy or delete the message and advise the
> sender of the error by return email.
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
More information about the Bro
mailing list