[Bro] using netmap framework of freebsd for installing bro

Michael Shirk shirkdog.bsd at gmail.com
Tue Aug 1 07:57:25 PDT 2017


You will want to look at the how-to for the netmap plugin on GitHub as
things have changed. However...the how-to has moved.

Seth, where is that info for the plugins now that they are packages?


--
Michael Shirk
Daemon Security, Inc.
https://www.daemon-security.com

On Aug 1, 2017 10:16 AM, "iraj norouzi" <zeutech at gmail.com> wrote:

> Thanks for your reply, Seth.
> As mentioned at
> https://www.bro.org/sphinx/components/bro-plugins/netmap/README.html
> for using the netmap framework with Bro, if there is no customization on
> netmap you don't need to use the --with-netmap option, and if you
> customized netmap it needs the netmap option assigned. But when I use
> ./configure --help I don't find any --with-netmap option, and because of
> that I installed Bro and tested it with the bro -N Bro::Netmap command on
> the URL I gave
> "error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Bro::Netmap is not available
> fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: Failed to activate requested dynamic plugin(s)"
> while when I use tcpdump -i netmap:ocs0 it recognized netmap.
> So please can you give me the manual for installing Bro with netmap and
> testing the functionality of that.
> As I read on the internet, I can run workers equal to my CPU cores, and I
> have 12 CPU cores.
>
>
> Regards,
> Iraj Norouzi
> +989122494558
>
> On Tue, Aug 1, 2017 at 5:17 PM, Seth Hall <seth at corelight.com> wrote:
>
>> This is surprisingly easy now!  Through Corelight we sponsored several
>> development efforts in conjunction with the Netmap developers.  One of
>> the biggest things missing is a way to load balance the traffic, but
>> the netmap repository has a tool in it now for doing that named "lb"
>> (load balancer).  If you clone the netmap repository and build that
>> tool you'll be able to balance traffic from a single interface out to
>> a number of Bro processes.  Conveniently it also has very nice logs
>> and can do buffering to help you weather traffic spikes.
>>
>> Here's the help output from lb....
>>
>> usage: lb [options]
>> where options are:
>>   -h               view help text
>>   -i iface         interface name (required)
>>   -p [prefix:]npipes add a new group of output pipes
>>   -B nbufs         number of extra buffers (default: 0)
>>   -b batch         batch size (default: 2048)
>>   -w seconds         wait for link up (default: 2)
>>   -W                    enable busy waiting. this will run your CPU at 100%
>>   -s seconds       seconds between syslog stats messages (default: 0)
>>   -o seconds       seconds between stdout stats messages (default: 0)
>>
>> You would normally run it like this...
>>
>> lb -i <sniffing interface> -p <number of Bro workers> -o 60
>>
>> You give it the interface you are sniffing, how many Bro workers you
>> are going to run and "-o 60" makes it write logs to stdout every 60
>> seconds.  I need to create a bro-pkg with the netmap plugin that will
>> make this all a bit easier too.
>>
>>   .Seth
>>
>> On Tue, Aug 1, 2017 at 5:56 AM, iraj norouzi <zeutech at gmail.com> wrote:
>> > Hi everybody,
>> > I am trying to install Bro on FreeBSD, and because of a 10G interface
>> > and traffic I need to use the netmap framework of FreeBSD. Firstly,
>> > after upgrading the FreeBSD port, it didn't upgrade to Bro 2.5.1, so I
>> > had to download the source of 2.5.1 and use it for installation.
>> > Secondly, for installing Bro with the netmap framework, I found Michael
>> > Shirk's PDF, which mentions configuring Bro with netmap by the
>> > --witch-netmap=/usr/src command, but there is no --witch-netmap option
>> > for Bro configuration, so please help me to install Bro on FreeBSD 11
>> > with the netmap framework.
>> > Regards,
>> > Iraj Norouzi
>> > +989122494558
>> >
>> > _______________________________________________
>> > Bro mailing list
>> > bro at bro-ids.org
>> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>>
>>
>> --
>> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
>>