[Bro] Trying to get Bro to share Myricom cards with tcpdump or Snort
Glenn Forbes Fleming Larratt
gl89 at cornell.edu
Fri Mar 20 12:00:26 PDT 2015
Folks,
What a resource this list is! Thanks to Brandon, Aashish, and Michał, I
have the answer I need - configuring "env_vars=" in Bro's node.cfg file
did the trick.
Many thanks!
-g
--
Glenn Forbes Fleming Larratt
Cornell University IT Security Office
On Fri, 20 Mar 2015, Glenn Forbes Fleming Larratt wrote:
> Folks,
>
> Can anyone point to a Bro+Snort HOWTO that would help me get Myricom cards
> to share?
>
> 1. Following the directions at
>
> https://www.myricom.com/software/sniffer10g/995-how-can-i-direct-sniffer10g-traffic-to-multiple-applications-using-snf-app-id.html
>
> doesn't really help, because my Bro deployment is a cluster, and the
> environmental variables don't propagate to my worker hosts - in fact,
> /proc/{bro_pid}/environ is 0-length on all the processes on the worker
> hosts.
>
> 2. I tried to reverse-engineer how Security Onion does it, but I didn't
> really glean anything that would help.
>
> Thanks for any info,
>
More information about the Bro
mailing list