Bro::Myricom
This plugin provides native `Myricom SNF v3+v4` support for Bro.
Bro-pkg Installation
Make sure you have the SNF library installed and then run:
bro-pkg install sethhall/bro-myricom
Manual Installation
Follow Myricom's instructions to get its kernel module and userspace libraries installed, then use the following commands to configure and build the plugin.
After building bro from the sources, change to the "aux/plugins/myricom" directory and run:
./configure --with-myricom=<path to sniffer sources> --bro-dist=<path to bro sources>
make && sudo make install
Note: In most cases, if you are building this plugin from the Bro source tree, you won't need any configure arguments.
If everything built and installed correctly, you should see this:
# bro -N Bro::Myricom
Bro::Myricom - Packet acquisition via Myricom SNF v3+v4 (dynamic, version 1.0)
You may run Bro as unprivileged user.
Usage
Once installed, you can use Myricom interfaces/ports by prefixing them
with myricom::
on the command line. For example, to use Myricom SNF to
monitor interface p2p1
:
bro -i myricom::p2p1
To use it in production with multiple Bro processes, use a configuration similar to this in node.cfg:
[worker-1]
type=worker
host=localhost
lb_method=custom
lb_procs=<number of processes, like 16>
interface=myricom::<interface name, like p2p1>
If you would like to sniff all Myricom interfaces on a system and merge them
together, there is a special interface name available of myricom::*
. It uses
a special feature of the Myricom SNF library for port aggregation.
To run a cluster sniffing all Myricom interfaces on a system, you can use the
same configuration as above, but with the special interface name that aggregates
all Myricom ports like this:
[worker-1]
type=worker
host=localhost
lb_method=custom
lb_procs=<number of processes, like 16>
interface=myricom::*
Tuning
You may wish to tune the amount of memory used for the global packet buffer. This
setting is available in the Bro script interface to the plugin, but it's also
available as a global option in broctl.cfg
or as a per-node option innode.cfg
. The following line in either config file will set the SNF packet
buffer ring size to 16GB (the default is 1GB):
myricom.snf_ring_size=16384
Enjoy!