[Zeek] Ryu Controller
Johanna Amann
johanna at corelight.com
Mon Nov 25 21:45:54 PST 2019
Hi,
> I want to integrate Ryu controller with Zeek IDS for a project and I
> need help to do this. Can anyone help me with it?
If you just want to send commands to Ryu from Zeek - use the netcontrol
framework. There actually is a Ryu plugin for it, although that might
have bitrotted a bit by now (so I won’t guarantee that it just works
out of the box anymore).
In any case - it might be worth taking a look at the netcontrol
documentation that highlights how netcontrol operates:
https://docs.zeek.org/en/stable/frameworks/netcontrol.html
It also shows how to instantiate everything. To make things a bit
complicated, there are two ways to interface with Ryu. The first one
uses the Ryu REST API directly from Zeek. This does not scale very well
- but is pretty simple and should still work unless they changed the
API. That plugin ships with Zeek and is at
https://github.com/zeek/zeek/blob/master/scripts/base/frameworks/openflow/plugins/ryu.zeek.
The second way is to use the generic broker plugin on the Zeek side -
and write a Ryu controller that can interact with that. A Ryu controller
implementing this is in the zeek-netcontrol repository (which is
contained in aux if you download the distribution).
https://github.com/zeek/zeek-netcontrol/tree/master/openflow contains
the source code as well as an example script that ties everything
together.
I hope this helps a bit to get started :)
Johanna
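
The first approach described above (Zeek driving the bundled Ryu REST plugin through netcontrol), as an added example that is not part of the original message or the Zeek project's own code. The controller address, REST port and datapath ID are assumed placeholders, and the SSH password-guessing notice is only one possible trigger for a block.

```zeek
# Added example; all addresses and IDs below are constructed placeholders.
@load base/frameworks/netcontrol
@load base/frameworks/openflow
@load protocols/ssh/detect-bruteforcing

# Assumed values: point these at your own Ryu REST endpoint and switch.
const ryu_host = 127.0.0.1 &redef;
const ryu_rest_port = 8080 &redef;
const switch_dpid = 1 &redef;

event NetControl::init()
	{
	# Controller handle for the Ryu REST plugin (ryu.zeek) that ships with Zeek.
	local of_controller = OpenFlow::ryu_new(ryu_host, ryu_rest_port, switch_dpid);

	# Wrap the OpenFlow controller as a NetControl backend with default settings.
	local ryu_plugin = NetControl::create_openflow(of_controller, NetControl::OfConfig());
	NetControl::activate(ryu_plugin, 0);
	}

hook Notice::policy(n: Notice::Info)
	{
	# Drop traffic from a host that tripped the SSH brute-force detector.
	if ( n$note == SSH::Password_Guessing && n?$src )
		NetControl::drop_address(n$src, 60min);
	}

# Confirm whether the controller accepted the rule, so a silently broken
# REST integration is noticed instead of assumed to be blocking.
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
	{
	print "netcontrol rule installed", r$id;
	}

event NetControl::rule_error(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
	{
	print "netcontrol rule failed", r$id, msg;
	}
```

Rule activity is also recorded in netcontrol.log, which is the place to check that requests to the controller are succeeding.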