[Bro] using netmap framework of freebsd for installing bro

iraj norouzi zeutech at gmail.com
Tue Aug 1 22:49:06 PDT 2017


Thank you, Michael.
As you mentioned in the manual for installing Bro on FreeBSD and in the Bro
guide on the Bro website, I tried to install Bro with netmap using
--with-netmap, but there is no option for that, so I installed Bro and after
that I installed the netmap plugin for Bro from the /aux/plugins/netmap
folder, and after that everything is OK. I also used Seth's manual for
configuring node.cfg for workers.
Thank you so much.


*Regards, Iraj Norouzi*
*+989122494558*

On Tue, Aug 1, 2017 at 7:27 PM, Michael Shirk <shirkdog.bsd at gmail.com>
wrote:

> You will want to look at the how-to for the netmap plugin on GitHub as
> things have changed. However...the how-to has moved.
>
> Seth, where is that info for the plugins now that they are packages?
>
>
> --
> Michael Shirk
> Daemon Security, Inc.
> https://www.daemon-security.com
>
> On Aug 1, 2017 10:16 AM, "iraj norouzi" <zeutech at gmail.com> wrote:
>
>> Thanks for your reply, Seth.
>> As mentioned at
>> https://www.bro.org/sphinx/components/bro-plugins/netmap/README.html
>> for using the netmap framework with Bro, if there is no customization of
>> netmap you don't need to use the --with-netmap option, and if you
>> customized netmap you need to pass the netmap option. But when I use
>> ./configure --help I don't find any --with-netmap option, and because of
>> that I installed Bro and tested it with the bro -N Bro::Netmap command on
>> the URL I gave: "error in
>> /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Bro::Netmap
>> is not available
>> fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
>> Failed to activate requested dynamic plugin(s)", while when I use
>> tcpdump -i netmap:ocs0 it recognized netmap.
>> So please can you give me the manual for installing Bro with netmap and
>> testing its functionality?
>> As I read on the internet, I can run workers equal to my CPU cores, and I
>> have 12 CPU cores.
>>
>>
>> *Regards, Iraj Norouzi*
>> *+989122494558*
>>
>> On Tue, Aug 1, 2017 at 5:17 PM, Seth Hall <seth at corelight.com> wrote:
>>
>>> This is surprisingly easy now!  Through Corelight we sponsored several
>>> development efforts in conjunction with the Netmap developers.  One of
>>> the biggest things missing is a way to load balance the traffic, but
>>> the netmap repository has a tool in it now for doing that named "lb"
>>> (load balancer).  If you clone the netmap repository and build that
>>> tool you'll be able to balance traffic from a single interface out to
>>> a number of Bro processes.  Conveniently it also has very nice logs
>>> and can do buffering to help you weather traffic spikes.
>>>
>>> Here's the help output from lb....
>>>
>>> usage: lb [options]
>>> where options are:
>>>   -h               view help text
>>>   -i iface         interface name (required)
>>>   -p [prefix:]npipes add a new group of output pipes
>>>   -B nbufs         number of extra buffers (default: 0)
>>>   -b batch         batch size (default: 2048)
>>>   -w seconds         wait for link up (default: 2)
>>>   -W               enable busy waiting. this will run your CPU at 100%
>>>   -s seconds       seconds between syslog stats messages (default: 0)
>>>   -o seconds       seconds between stdout stats messages (default: 0)
>>>
>>> You would normally run it like this...
>>>
>>> lb -i <sniffing interface> -p <number of Bro workers> -o 60
>>>
>>> You give it the interface you are sniffing, how many Bro workers you
>>> are going to run and "-o 60" makes it write logs to stdout every 60
>>> seconds.  I need to create a bro-pkg with the netmap plugin that will
>>> make this all a bit easier too.
>>>
>>>   .Seth
>>>
>>> On Tue, Aug 1, 2017 at 5:56 AM, iraj norouzi <zeutech at gmail.com> wrote:
>>> > Hi everybody,
>>> > I am trying to install Bro on FreeBSD, and because of the 10G
>>> > interface and traffic I need to use the netmap framework of FreeBSD.
>>> > Firstly, after upgrading the FreeBSD ports, it didn't upgrade to Bro
>>> > 2.5.1, so I had to download the source of 2.5.1 and use it for
>>> > installation. Secondly, for installing Bro with the netmap framework,
>>> > I found Michael Shirk's PDF, which mentions configuring Bro with
>>> > netmap using the --with-netmap=/usr/src command, but there is no
>>> > --with-netmap option for Bro configuration, so please help me install
>>> > Bro on FreeBSD 11 with the netmap framework.
>>> > Regards,
>>> > Iraj Norouzi
>>> > +989122494558
>>> >
>>> > _______________________________________________
>>> > Bro mailing list
>>> > bro at bro-ids.org
>>> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>
>>>
>>>
>>> --
>>> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
>>>