Bro and myricom woes

Harry_Hoffman · August 7, 2014, 6:37pm

Hi All,

Thought I’d write in to seek some guidance from the list.

I’ve got bro running on RHEL 6.5 sitting on a box with 20 cores and 64 GB of RAM and a RAID 6 configuration through 1.2TB disks on a LSI raid card. This is a Cisco UCS 1u server.

I’m running with myricom’s sniffer 10G software (v3) in an x16 slot set at GEN II in the BIOS (I don’t have a x8 slot to put it in).

I’ve tried running both bro out of git and bro 2.3.

/usr/local/bro/etc/node.conf looks like:
drop ring full
[manager]
type=manager
host=localhost

Seth_Hall3 · August 7, 2014, 9:04pm

I’m running with myricom’s sniffer 10G software (v3) in an x16 slot set at GEN II in the BIOS (I don’t have a x8 slot to put it in).

I don't actually have docs from Myricom yet, but I hope our myricom plugin still support their software in v3.

I’m using some of the features of our gigamon to slice packets and only keep up to 32 bytes of certain packets discarding

Ding! You got it. This completely breaks Bro and you really don't want to do it. Try removing that trimming config and see how Bro reacts.

.Seth

Topic		Replies	Views
Myricom and Bro Zeek	1	70	May 6, 2022
[security-onion] Bro and Myricom Zeek	1	82	May 6, 2022
Myricom and Bro... show of hands for successful deployments on 10G links (with > 5Gpbs) Zeek	7	91	May 6, 2022
Bro and myricom woes Zeek	2	70	May 6, 2022
Bro performance & sizing question Zeek	3	99	May 6, 2022

Bro and myricom woes

Related Topics