[Bro] Arista Traffic Shunting
Aashish Sharma
asharma at lbl.gov
Mon Jul 31 12:40:22 PDT 2017
Here is how I have stuff set up:

1) in your site.bro:

@load conn-bulk.bro
@load react
redef GridFTP::size_threshold = 1048576;   # 1 MB (1048576 bytes)
redef Bulk::size_threshold = 134217728;    # 128 MB (134217728 bytes)

2) make sure react/dumbno.cfg has the right values

3) then:

a) ./dumbno.py dumbno.cfg setup
b) ./dumbno.py dumbno.cfg >& /var/log/dumbno.log &
c) ./dumbno.py dumbno.cfg stats >& /var/log/dumbno.stats &

4) @load conn-bulk.bro and "@load react" should get bro to start flagging and acting on fat flows.

tail on /var/log/dumbno.log should give you reasonable visibility into on-going operations.

Hope this helps,
Aashish
On Mon, Jul 31, 2017 at 05:54:10PM +0000, Logan Miller wrote:
> Aashish,
>
> I saw those GitHub scripts and I wasn't sure where to put them in the Bro directory and what Bro configs had to be changed to make them work. Where did you put the scripts? Also, as long as API management is enabled on the Arista switch, is there anything else on the switch that needs to be configured?
>
> - Logan Miller