Hi everybody,
I am trying to install Bro on FreeBSD, and because of the 10G interface and traffic I need to use the netmap framework of FreeBSD. Firstly, after upgrading the FreeBSD port, it didn’t upgrade to Bro 2.5.1, so I had to download the 2.5.1 source and use it for installation. Secondly, for installing Bro with the netmap framework I found Michael Shirk's PDF, which mentions configuring Bro with netmap using the --with-netmap=/usr/src command, but there is no --with-netmap option for Bro configuration. So please help me install Bro on FreeBSD 11 with the netmap framework.
This is surprisingly easy now! Through Corelight we sponsored several
development efforts in conjunction with the Netmap developers. One of
the biggest things missing is a way to load balance the traffic, but
the netmap repository has a tool in it now for doing that named "lb"
(load balancer). If you clone the netmap repository and build that
tool you'll be able to balance traffic from a single interface out to
a number of Bro processes. Conveniently it also has very nice logs
and can do buffering to help you weather traffic spikes.
Here's the help output from lb....
    usage: lb [options]
    where options are:
      -h              view help text
      -i iface        interface name (required)
      -p [prefix:]npipes  add a new group of output pipes
      -B nbufs        number of extra buffers (default: 0)
      -b batch        batch size (default: 2048)
      -w seconds      wait for link up (default: 2)
      -W              enable busy waiting. this will run your CPU at 100%
      -s seconds      seconds between syslog stats messages (default: 0)
      -o seconds      seconds between stdout stats messages (default: 0)
You would normally run it like this...
    lb -i <sniffing interface> -p <number of Bro workers> -o 60
You give it the interface you are sniffing, how many Bro workers you
are going to run and "-o 60" makes it write logs to stdout every 60
seconds. I need to create a bro-pkg with the netmap plugin that will
make this all a bit easier too.
.Seth
Thanks for your reply, Seth.
As mentioned at https://www.bro.org/sphinx/components/bro-plugins/netmap/README.html, for using the netmap framework with Bro, if there is no customization of netmap you don’t need to use the --with-netmap option, and if you customized netmap it needs the netmap option assigned. But when I use ./configure --help I don’t find any --with-netmap option, and because of that I installed Bro and tested it with the bro -N Bro::Netmap command on the URL I gave: “error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Bro::Netmap is not available
fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: Failed to activate requested dynamic plugin(s)” while when I use tcpdump -i netmap:ocs0 it recognized netmap.
So please can you give me the manual for installing Bro with netmap and testing its functionality.
As I read on the internet, I can run workers equal to my CPU cores, and I have 12 CPU cores.
You will want to look at the how-to for the netmap plugin on GitHub as things have changed. However…the how-to has moved.
Seth, where is that info for the plugins now that they are packages?
Thank you, Michael.
As you mentioned in the manual for installing Bro on FreeBSD and in the Bro guide on the Bro website, I tried to install Bro with netmap using --with-netmap, but there is no option for that, so I installed Bro and after that I installed the netmap plugin for Bro from the /aux/plugins/netmap folder, and after that everything is OK. I also used Seth's manual for configuring node.cfg for workers.
Thank you so much.
Sorry about that. Unfortunately I suggested it as things are in flux.
I'm hoping in the next few days I can find some time to repackage the
netmap plugin into a Bro package that people can install through the
package manager.
.Seth