[Zeek] Netmap support in Bro 2.6.1
Carlos Lopez
clopmz at outlook.com
Wed Jan 23 05:35:13 PST 2019
Thanks Michael for your answer. I have done a simple test installing Bro from pkgs, and it doesn't see any traffic:
root at broserver01:/nsm/bro/logs/current # broctl capstats
Error: No network interfaces suitable for use with capstats were found.
root at broserver01:/nsm/bro/logs/current # broctl netstats
worker-1-1: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-1-2: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-1-3: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-1-4: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-1-5: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-1-6: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-1-7: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-1-8: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-1: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-2: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-3: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-4: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-5: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-6: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-7: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
worker-2-8: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
And capture_loss.log:
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path capture_loss
#open 2019-01-23-13-07-46
#fields ts ts_delta peer gaps acks percent_lost
#types time interval string count count double
1548248866.685834 900.000060 worker-1-5 0 0 0.0
1548248866.689995 900.000024 worker-1-2 0 0 0.0
1548248866.695771 900.000226 worker-1-8 0 0 0.0
1548248866.700932 900.000009 worker-1-1 0 0 0.0
1548248866.709488 900.000045 worker-1-4 0 0 0.0
1548248866.714722 900.000015 worker-1-6 0 0 0.0
1548248866.750419 900.000134 worker-2-5 0 0 0.0
1548248866.761479 900.000238 worker-2-7 0 0 0.0
1548248866.795894 900.000048 worker-2-8 0 0 0.0
1548248866.804847 900.000026 worker-1-3 0 0 0.0
1548248866.834338 900.000073 worker-2-6 0 0 0.0
1548248866.885618 900.000056 worker-2-1 0 0 0.0
1548248866.890991 900.000224 worker-2-4 0 0 0.0
1548248866.894688 900.000009 worker-2-2 0 0 0.0
1548248866.908410 900.000005 worker-1-7 0 0 0.0
1548248866.910493 900.000029 worker-2-3 0 0 0.0
1548249766.685856 900.000022 worker-1-5 0 0 0.0
1548249766.690121 900.000126 worker-1-2 0 0 0.0
1548249766.695893 900.000122 worker-1-8 0 0 0.0
1548249766.702236 900.001304 worker-1-1 0 0 0.0
1548249766.709525 900.000037 worker-1-4 0 0 0.0
1548249766.714733 900.000011 worker-1-6 0 0 0.0
1548249766.750422 900.000003 worker-2-5 0 0 0.0
1548249766.761513 900.000034 worker-2-7 0 0 0.0
1548249766.795917 900.000023 worker-2-8 0 0 0.0
1548249766.804874 900.000027 worker-1-3 0 0 0.0
1548249766.834462 900.000124 worker-2-6 0 0 0.0
1548249766.885620 900.000002 worker-2-1 0 0 0.0
1548249766.891140 900.000149 worker-2-4 0 0 0.0
1548249766.894759 900.000071 worker-2-2 0 0 0.0
1548249766.908413 900.000003 worker-1-7 0 0 0.0
1548249766.910495 900.000002 worker-2-3 0 0 0.0
My actual node.cfg config is:
[logger]
type=logger
host=localhost
#
[manager]
type=manager
host=localhost
#
[proxy-1]
type=proxy
host=localhost
#
[worker-1]
type=worker
host=localhost
interface=netmap::ix1
lb_method=custom
lb_procs=8
#
[worker-2]
type=worker
host=localhost
interface=netmap::ix2
lb_method=custom
lb_procs=8
Maybe am I doing something wrong?
Regards,
C. L. Martinez
________________________________________
From: Michael Shirk <shirkdog.bsd at gmail.com>
Sent: 23 January 2019 13:49
To: Carlos Lopez
Cc: zeek at zeek.org
Subject: Re: [Zeek] Netmap support in Bro 2.6.1
That is all you should need to do. The load balancing app "lb" will make it's way into FreeBSD 13 as an add-on tool, but standard netmap should work. Raise an issue if that is not the case.
--
Michael Shirk
Daemon Security, Inc.
https://www.daemon-security.com
On Wed, Jan 23, 2019, 07:33 Carlos Lopez <clopmz at outlook.com<mailto:clopmz at outlook.com> wrote:
Hi all,
What is the status of netmap's support in Bro 2.6.X under FreeBSD? Do I need to install via bro-pkg?
Regards,
C. L. Martinez
_______________________________________________
Zeek mailing list
zeek at zeek.org<mailto:zeek at zeek.org>
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
More information about the Zeek
mailing list