[Zeek] Netmap support in Bro 2.6.1

Carlos Lopez clopmz at outlook.com
Wed Jan 23 05:38:53 PST 2019


Yep, solved ... My fault ... I have removed "lb" options from config file and all it is working now ... Sorry for the noise .,..



Regards,
C. L. Martinez


________________________________________
From: Carlos Lopez <clopmz at outlook.com>
Sent: 23 January 2019 14:35
To: Michael Shirk
Cc: zeek at zeek.org
Subject: Re: [Zeek] Netmap support in Bro 2.6.1

Thanks Michael for your answer. I have done a simple test installing Bro from pkgs, and it doesn't see any traffic:

root at broserver01:/nsm/bro/logs/current # broctl capstats
Error: No network interfaces suitable for use with capstats were found.

root at broserver01:/nsm/bro/logs/current # broctl netstats
 worker-1-1: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-1-2: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-1-3: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-1-4: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-1-5: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-1-6: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-1-7: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-1-8: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-1: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-2: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-3: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-4: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-5: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-6: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-7: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
 worker-2-8: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">

And  capture_loss.log:
#separator \x09
#set_separator  ,
#empty_field    (empty)
#unset_field    -
#path   capture_loss
#open   2019-01-23-13-07-46
#fields ts      ts_delta        peer    gaps    acks    percent_lost
#types  time    interval        string  count   count   double
1548248866.685834       900.000060      worker-1-5      0       0       0.0
1548248866.689995       900.000024      worker-1-2      0       0       0.0
1548248866.695771       900.000226      worker-1-8      0       0       0.0
1548248866.700932       900.000009      worker-1-1      0       0       0.0
1548248866.709488       900.000045      worker-1-4      0       0       0.0
1548248866.714722       900.000015      worker-1-6      0       0       0.0
1548248866.750419       900.000134      worker-2-5      0       0       0.0
1548248866.761479       900.000238      worker-2-7      0       0       0.0
1548248866.795894       900.000048      worker-2-8      0       0       0.0
1548248866.804847       900.000026      worker-1-3      0       0       0.0
1548248866.834338       900.000073      worker-2-6      0       0       0.0
1548248866.885618       900.000056      worker-2-1      0       0       0.0
1548248866.890991       900.000224      worker-2-4      0       0       0.0
1548248866.894688       900.000009      worker-2-2      0       0       0.0
1548248866.908410       900.000005      worker-1-7      0       0       0.0
1548248866.910493       900.000029      worker-2-3      0       0       0.0
1548249766.685856       900.000022      worker-1-5      0       0       0.0
1548249766.690121       900.000126      worker-1-2      0       0       0.0
1548249766.695893       900.000122      worker-1-8      0       0       0.0
1548249766.702236       900.001304      worker-1-1      0       0       0.0
1548249766.709525       900.000037      worker-1-4      0       0       0.0
1548249766.714733       900.000011      worker-1-6      0       0       0.0
1548249766.750422       900.000003      worker-2-5      0       0       0.0
1548249766.761513       900.000034      worker-2-7      0       0       0.0
1548249766.795917       900.000023      worker-2-8      0       0       0.0
1548249766.804874       900.000027      worker-1-3      0       0       0.0
1548249766.834462       900.000124      worker-2-6      0       0       0.0
1548249766.885620       900.000002      worker-2-1      0       0       0.0
1548249766.891140       900.000149      worker-2-4      0       0       0.0
1548249766.894759       900.000071      worker-2-2      0       0       0.0
1548249766.908413       900.000003      worker-1-7      0       0       0.0
1548249766.910495       900.000002      worker-2-3      0       0       0.0

My actual node.cfg config is:
[logger]
type=logger
host=localhost
#
[manager]
type=manager
host=localhost
#
[proxy-1]
type=proxy
host=localhost
#
[worker-1]
type=worker
host=localhost
interface=netmap::ix1
lb_method=custom
lb_procs=8
#
[worker-2]
type=worker
host=localhost
interface=netmap::ix2
lb_method=custom
lb_procs=8

Maybe am I doing something wrong?




Regards,
C. L. Martinez


________________________________________
From: Michael Shirk <shirkdog.bsd at gmail.com>
Sent: 23 January 2019 13:49
To: Carlos Lopez
Cc: zeek at zeek.org
Subject: Re: [Zeek] Netmap support in Bro 2.6.1

That is all you should need to do. The load balancing app "lb" will make it's way into FreeBSD 13 as an add-on tool, but standard netmap should work. Raise an issue if that is not the case.



--
Michael Shirk
Daemon Security, Inc.
https://www.daemon-security.com

On Wed, Jan 23, 2019, 07:33 Carlos Lopez <clopmz at outlook.com<mailto:clopmz at outlook.com> wrote:
Hi all,

 What is the status of netmap's support in Bro 2.6.X under FreeBSD? Do I need to install via bro-pkg?

Regards,
C. L. Martinez

_______________________________________________
Zeek mailing list
zeek at zeek.org<mailto:zeek at zeek.org>
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



More information about the Zeek mailing list