[Bro] configure sshd port for bro nodes in cluster mode
OpenShift Ninja
openshift.ninja at gmail.com
Mon Jul 2 08:46:45 PDT 2018
I understand, but I'm trying to run in cluster mode, which means there is a
manager that is talking to the nodes over ssh. I could run it in
non-cluster mode and just have the bro instances analyzing traffic going
through the local interface, but we thought going the cluster route would
be better.
On Mon, Jul 2, 2018 at 11:25 AM Azoff, Justin S <jazoff at illinois.edu> wrote:
>
> > On Jul 2, 2018, at 11:03 AM, OpenShift Ninja <openshift.ninja at gmail.com>
> wrote:
> >
> > So I realized a couple of things when I got into work today:
> >
> > 1) I can't remap the port that my sshd is listening on because I'm using
> host networking - Docker discards the port mapping in host networking mode.
> > 2) My issue isn't the port that bro is listening on but rather the port
> the manager uses to ssh into the other nodes to run the bro commands to run
> the workers - you specify the hostnames in the node.cfg, but there doesn't
> appear to be a way to specify that I need it to ssh on port 2022 instead of
> the normal 22. This is only a problem because the hosts I'm running this on
> are already running an sshd that listens on 22. I might be able to get the
> port changed for that, but it seems easier to just get bro to connect on a
> different port. I can't use the built-in sshd because I want to run the
> workers, logger, etc in containers.
> >
> > Obviously I have the source for bro, so I can go and modify it myself,
> but before I go down that rabbit hole, I want to make sure there isn't a
> way to do it already.
>
> echo "Port 2022" > ~/.ssh/config
>
> Though I must say, if you are trying to get bro running on openshift or
> k8s by running broctl, you are doing it wrong. You don't
> need to run sshd so broctl can run bro in containers, you just need to run
> bro in the containers.
>
> —
> Justin Azoff
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180702/28d0c785/attachment.html
More information about the Bro
mailing list