[Zeek] Netmap support in Bro 2.6.1

Michael Shirk shirkdog.bsd at gmail.com
Wed Jan 23 05:40:27 PST 2019


Yes, there were changes to how you setup the netmap plugin from the
2.4.X days, so also raise an issue if that is not documented
correctly.

On Wed, Jan 23, 2019 at 8:38 AM Carlos Lopez <clopmz at outlook.com> wrote:
>
> Yep, solved ... My fault ... I have removed "lb" options from config file and all it is working now ... Sorry for the noise .,..
>
>
>
> Regards,
> C. L. Martinez
>
>
> ________________________________________
> From: Carlos Lopez <clopmz at outlook.com>
> Sent: 23 January 2019 14:35
> To: Michael Shirk
> Cc: zeek at zeek.org
> Subject: Re: [Zeek] Netmap support in Bro 2.6.1
>
> Thanks Michael for your answer. I have done a simple test installing Bro from pkgs, and it doesn't see any traffic:
>
> root at broserver01:/nsm/bro/logs/current # broctl capstats
> Error: No network interfaces suitable for use with capstats were found.
>
> root at broserver01:/nsm/bro/logs/current # broctl netstats
>  worker-1-1: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-1-2: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-1-3: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-1-4: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-1-5: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-1-6: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-1-7: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-1-8: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-1: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-2: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-3: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-4: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-5: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-6: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-7: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>  worker-2-8: <error: Python bindings for Broker: /usr/local/lib/broctl/broker/_broker.so: Undefined symbol "__safestack_unsafe_stack_ptr">
>
> And  capture_loss.log:
> #separator \x09
> #set_separator  ,
> #empty_field    (empty)
> #unset_field    -
> #path   capture_loss
> #open   2019-01-23-13-07-46
> #fields ts      ts_delta        peer    gaps    acks    percent_lost
> #types  time    interval        string  count   count   double
> 1548248866.685834       900.000060      worker-1-5      0       0       0.0
> 1548248866.689995       900.000024      worker-1-2      0       0       0.0
> 1548248866.695771       900.000226      worker-1-8      0       0       0.0
> 1548248866.700932       900.000009      worker-1-1      0       0       0.0
> 1548248866.709488       900.000045      worker-1-4      0       0       0.0
> 1548248866.714722       900.000015      worker-1-6      0       0       0.0
> 1548248866.750419       900.000134      worker-2-5      0       0       0.0
> 1548248866.761479       900.000238      worker-2-7      0       0       0.0
> 1548248866.795894       900.000048      worker-2-8      0       0       0.0
> 1548248866.804847       900.000026      worker-1-3      0       0       0.0
> 1548248866.834338       900.000073      worker-2-6      0       0       0.0
> 1548248866.885618       900.000056      worker-2-1      0       0       0.0
> 1548248866.890991       900.000224      worker-2-4      0       0       0.0
> 1548248866.894688       900.000009      worker-2-2      0       0       0.0
> 1548248866.908410       900.000005      worker-1-7      0       0       0.0
> 1548248866.910493       900.000029      worker-2-3      0       0       0.0
> 1548249766.685856       900.000022      worker-1-5      0       0       0.0
> 1548249766.690121       900.000126      worker-1-2      0       0       0.0
> 1548249766.695893       900.000122      worker-1-8      0       0       0.0
> 1548249766.702236       900.001304      worker-1-1      0       0       0.0
> 1548249766.709525       900.000037      worker-1-4      0       0       0.0
> 1548249766.714733       900.000011      worker-1-6      0       0       0.0
> 1548249766.750422       900.000003      worker-2-5      0       0       0.0
> 1548249766.761513       900.000034      worker-2-7      0       0       0.0
> 1548249766.795917       900.000023      worker-2-8      0       0       0.0
> 1548249766.804874       900.000027      worker-1-3      0       0       0.0
> 1548249766.834462       900.000124      worker-2-6      0       0       0.0
> 1548249766.885620       900.000002      worker-2-1      0       0       0.0
> 1548249766.891140       900.000149      worker-2-4      0       0       0.0
> 1548249766.894759       900.000071      worker-2-2      0       0       0.0
> 1548249766.908413       900.000003      worker-1-7      0       0       0.0
> 1548249766.910495       900.000002      worker-2-3      0       0       0.0
>
> My actual node.cfg config is:
> [logger]
> type=logger
> host=localhost
> #
> [manager]
> type=manager
> host=localhost
> #
> [proxy-1]
> type=proxy
> host=localhost
> #
> [worker-1]
> type=worker
> host=localhost
> interface=netmap::ix1
> lb_method=custom
> lb_procs=8
> #
> [worker-2]
> type=worker
> host=localhost
> interface=netmap::ix2
> lb_method=custom
> lb_procs=8
>
> Maybe am I doing something wrong?
>
>
>
>
> Regards,
> C. L. Martinez
>
>
> ________________________________________
> From: Michael Shirk <shirkdog.bsd at gmail.com>
> Sent: 23 January 2019 13:49
> To: Carlos Lopez
> Cc: zeek at zeek.org
> Subject: Re: [Zeek] Netmap support in Bro 2.6.1
>
> That is all you should need to do. The load balancing app "lb" will make it's way into FreeBSD 13 as an add-on tool, but standard netmap should work. Raise an issue if that is not the case.
>
>
>
> --
> Michael Shirk
> Daemon Security, Inc.
> https://www.daemon-security.com
>
> On Wed, Jan 23, 2019, 07:33 Carlos Lopez <clopmz at outlook.com<mailto:clopmz at outlook.com> wrote:
> Hi all,
>
>  What is the status of netmap's support in Bro 2.6.X under FreeBSD? Do I need to install via bro-pkg?
>
> Regards,
> C. L. Martinez
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org<mailto:zeek at zeek.org>
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



-- 
Michael Shirk
Daemon Security, Inc.
https://www.daemon-security.com


More information about the Zeek mailing list