[Bro] using netmap framework of freebsd for installing bro

iraj norouzi zeutech at gmail.com
Tue Aug 1 07:13:57 PDT 2017


Thanks for your reply, Seth.
As mentioned at
https://www.bro.org/sphinx/components/bro-plugins/netmap/README.html
for using the netmap framework with Bro, if there is no customization of
netmap you don't need to use the --with-netmap option, and if you
customized netmap it needs the netmap option assigned. But when I use
./configure --help I don't find any --with-netmap option, and because of
that I installed Bro and tested it with the bro -N Bro::Netmap command on
the URL I gave:

"error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Bro::Netmap is not available
fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: Failed to activate requested dynamic plugin(s)"

while when I use tcpdump -i netmap:ocs0 it recognized netmap.
So please can you give me the manual for installing Bro with netmap and
testing the functionality of that?
As I read on the internet, I can run workers equal to my CPU cores, and I
have 12 CPU cores.


Regards,
Iraj Norouzi
+989122494558

On Tue, Aug 1, 2017 at 5:17 PM, Seth Hall <seth at corelight.com> wrote:

> This is surprisingly easy now!  Through Corelight we sponsored several
> development efforts in conjunction with the Netmap developers.  One of
> the biggest things missing is a way to load balance the traffic, but
> the netmap repository has a tool in it now for doing that named "lb"
> (load balancer).  If you clone the netmap repository and build that
> tool you'll be able to balance traffic from a single interface out to
> a number of Bro processes.  Conveniently it also has very nice logs
> and can do buffering to help you weather traffic spikes.
>
> Here's the help output from lb....
>
> usage: lb [options]
> where options are:
>   -h               view help text
>   -i iface         interface name (required)
>   -p [prefix:]npipes add a new group of output pipes
>   -B nbufs         number of extra buffers (default: 0)
>   -b batch         batch size (default: 2048)
>   -w seconds         wait for link up (default: 2)
>   -W                    enable busy waiting. this will run your CPU at 100%
>   -s seconds       seconds between syslog stats messages (default: 0)
>   -o seconds       seconds between stdout stats messages (default: 0)
>
> You would normally run it like this...
>
> lb -i <sniffing interface> -p <number of Bro workers> -o 60
>
> You give it the interface you are sniffing, how many Bro workers you
> are going to run and "-o 60" makes it write logs to stdout every 60
> seconds.  I need to create a bro-pkg with the netmap plugin that will
> make this all a bit easier too.
>
>   .Seth
>
> On Tue, Aug 1, 2017 at 5:56 AM, iraj norouzi <zeutech at gmail.com> wrote:
> > Hi everybody,
> > I am trying to install Bro on FreeBSD, and because of the 10G interface
> > and traffic I need to use the netmap framework of FreeBSD. Firstly,
> > after upgrading the FreeBSD port, it didn't upgrade to Bro 2.5.1, so I
> > had to download the source of 2.5.1 and use it for installation.
> > Secondly, for installing Bro with the netmap framework I found Michael
> > Shirk's PDF, which mentions configuring Bro with netmap by the
> > --witch-netmap=/usr/src command, but there is no --witch-netmap option
> > for Bro configuration, so please help me to install Bro on FreeBSD 11
> > with the netmap framework.
> > Regards,
> > Iraj Norouzi
> > +989122494558
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
> --
> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
>