[Bro] Netmap plugin issue
Randy Bush
randy at psg.com
Sun Feb 12 05:45:26 PST 2017
[ n00b. well i ran bro over a decade ago. ]
a ganeti cluster running ganeti 2.15 on deb8 and ubuntu16
i run bro in a vm on one of the nodes. as it is on the bridged lan, it
sees all the traffic to all vms whose primary is on the same node.
this is sweet. but i want to see the traffic to the vms whose primary
are on the other nodes.
so what is the minimial hack i can run on other nodes to stream pcaps
to that bro instance so that the whole cluster is feeding to one bro
instance? i would prefer a simple hack to run on the host opsys, but
could create more guest vms iff i had to.
the cluster has a second inter-node lan i could use to avoid pcapping
the pcap transport.
[ no, i prefer not to mirror off the switch ]
randy
More information about the Bro
mailing list