Bro Cluster on the Bivio Platform

I recently built and tested Bro Cluster for the Bivio Platform for some of our customers and wanted to share the information.

The cluster version of Bro is a very native fit for the Bivio architecture. The internals of the Bivio platform on a single Bivio 7562 can be thought of as a load balancer and 12 separate Linux systems (this can scale to 48 systems in a single logical unit). The Linux systems have their own communication plane within the Bivio system that is separate from the packet acquisition path and can use this to talk to the workers, proxies, and the manager. The shared file system also allows for easy setup. Below are the steps I used to set up the system and Bro Cluster. I also attached my node.cfg for a Bivio 7562; this file can be edited so that it reflects the number of CPU cores that will be running systems for Bro.

Installation

node.cfg (892 Bytes)