[Bro] Checking symmetric traffic using bro

Zhi-Wei Lu zwlu at ucdavis.edu
Fri Apr 21 16:32:49 PDT 2017


Hi Bro experts,

We are newbies to Bro and are in the process of testing a Bro setup using an Arista 7150 to split traffic using symmetric hashing, sending it to a Bro cluster. Could Bro tell how well the symmetric hashing mechanism is working? What log files/stats shall we look at to discern this information?

Justin on the Bro IRC channel suggested this script:
https://gist.github.com/JustinAzoff/446d0abba2c6dd8ff242#file-conn-peer-bro

This adds peer (worker-x-y) information at the end of conn.log lines. In our case, we have a single Bro server with 10 Bro workers running on it; this would tell how well Bro divides the traffic it received and sends it to individual workers, is that right?

What I am interested in is whether the Arista 7150 splits traffic properly, so that Bro downstream could tell how well or badly traffic was split on the Arista. Is that possible?

Thank you very much and have a nice weekend.

Zhi-Wei Lu
IET-CR-Network Operations Center
University of California, Davis
(530) 752-0155
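
One way to read the per-worker conn.log described in the message, as an added example that is not part of the original post or the linked gist. It assumes the appended column is named `peer` and uses the `history` convention (uppercase letters are originator events, lowercase are responder events). One-sided counts are a heuristic, since scans are legitimately one-sided, and the check cannot tell which stage of the split sent the two directions of a flow to different workers.

```python
from collections import Counter, defaultdict

# Constructed sample conn.log (Bro TSV, trimmed columns). The trailing "peer"
# column name is an assumption about what the linked script appends.
SAMPLE = "\n".join([
    "#separator \\x09",
    "#fields\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\thistory\tpeer",
    "C1\t10.0.0.5\t40000\t192.0.2.10\t443\ttcp\tShADadFf\tworker-1-1",
    "C2\t10.0.0.6\t40001\t192.0.2.10\t443\ttcp\tShADadFf\tworker-1-2",
    "C3\t10.0.0.7\t40002\t192.0.2.20\t80\ttcp\tSAD\tworker-1-3",   # originator side only
    "C4\t10.0.0.7\t40002\t192.0.2.20\t80\ttcp\t^had\tworker-1-4",  # responder side only
])

def parse_conn_log(text):
    """Parse Bro TSV using the #fields header; other '#' lines are skipped."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def one_sided(history):
    """True when every history letter comes from the same endpoint."""
    letters = [c for c in history if c.isalpha()]
    return bool(letters) and (all(c.isupper() for c in letters)
                              or all(c.islower() for c in letters))

def per_peer(rows):
    """Map each worker to (connections logged, one-sided connections)."""
    total, lone = Counter(), Counter()
    for r in rows:
        total[r["peer"]] += 1
        lone[r["peer"]] += one_sided(r["history"])
    return {p: (total[p], lone[p]) for p in total}

def split_flows(rows):
    """Flows (direction-independent endpoint pair) logged by more than one worker."""
    seen = defaultdict(set)
    for r in rows:
        ends = frozenset([(r["id.orig_h"], r["id.orig_p"]), (r["id.resp_h"], r["id.resp_p"])])
        seen[(r["proto"], ends)].add(r["peer"])
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    rows = parse_conn_log(SAMPLE)
    for peer, (n, lone) in sorted(per_peer(rows).items()):
        print(f"{peer}: {n} conns, {lone} one-sided")
    print("flows split across workers:", len(split_flows(rows)))
```

Port reuse over a long capture can make unrelated connections share an endpoint pair, so run it over a short time window.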
