[Bro] configure sshd port for bro nodes in cluster mode

OpenShift Ninja openshift.ninja at gmail.com
Mon Jul 2 08:03:53 PDT 2018 

So I realized a couple of things when I got into work today:

1) I can't remap the port that my sshd is listening on because I'm using
host networking - Docker discards the port mapping in host networking mode.
2) My issue isn't the port that bro is listening on but rather the port the
manager uses to ssh into the other nodes to run the bro commands to run the
workers - you specify the hostnames in the node.cfg, but there doesn't
appear to be a way to specify that I need it to ssh on port 2022 instead of
the normal 22. This is only a problem because the hosts I'm running this on
are already running an sshd that listens on 22. I might be able to get the
port changed for that, but it seems easier to just get bro to connect on a
different port. I can't use the built-in sshd because I want to run the
workers, logger, etc in containers.

Obviously I have the source for bro, so I can go and modify it myself, but
before I go down that rabbit hole, I want to make sure there isn't a way to
do it already.

On Mon, Jul 2, 2018 at 8:34 AM Openshift Ninja <openshift.ninja at gmail.com>
wrote:

> omg, I totally blanked on this. thanks for reminding me of a container 101
> feature.
>
> silly me.
>
> Thanks!
>
>
> On Jul 2, 2018 at 8:31 AM, <Mark Gardner <mkg at vt.edu>> wrote:
>
> On Fri, Jun 29, 2018 at 4:53 PM, OpenShift Ninja <
> openshift.ninja at gmail.com> wrote:
>
>> Is it possible to easily configure Bro in cluster mode to connect on
>> alternate ports other than 22? The reason I ask is that I'm running my bro
>> processes inside containers on a host that already has sshd on port 22 (I'm
>> running a sidecar sshd inside the container on port 2022). I can probably
>> find it if I dig around, but if someone knows how to do this, let me know.
>>
>
> ​You should be able to map the port Bro is listening on inside the
> container to another port on the host. For Docker, the option would be ​-p
> <host-port>:<container-port>. See
> https://docs.docker.com/config/containers/container-networking/ for more
> details.
>
> Mark
> --
> Mark Gardner
> --
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180702/acab963d/attachment.html

More information about the Bro mailing list