About this task
This section describes an example of installing Bro from source, in case you cannot use a precompiled Bro package.
You will usually be able to find a suitable precompiled Bro package for your OS distribution. Please refer to Installing and Running libpcap Applications for general information about how to install and use package-based applications with Napatech libpcap.
For general information about installation of Bro, please refer to https://www.bro.org/sphinx/install/install.html.
For installation instructions for specific Bro versions, refer to the INSTALL file in the Bro package.
Before you begin
For details about prerequisites, go to https://www.bro.org/sphinx/install/install.html#prerequisites.
For example, to install dependencies for compiling and running Bro 2.5 on RH/CentOS 7.x:
$ sudo yum install cmake make gcc gcc-c++ flex bison openssl-devel python-devel swig zlib-devel
Bro 2.4.1 is the last version that can be compiled without C++11 support. More recent versions of Bro require a compiler with C++11 support, for example GCC 4.8 or later. Check the version of your compiler:
$ gcc --version
gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18)
...
If your GCC version is < 4.8, you can either install Bro 2.4.1 or earlier, or update your compiler toolchain.
You may be able to install a newer compiler as part of a Developer Toolset package.
For RHEL 6, please refer to https://access.redhat.com/documentation/en-US/Red_Hat_Developer_Toolset.
On CentOS 6.x, you can, for example, install a Developer Toolset package this way (writing the repo file to /etc/yum.repos.d requires root):
$ sudo wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo
$ sudo yum install devtoolset-2-gcc devtoolset-2-binutils devtoolset-2-gcc-c++
The Developer Toolset is also available for RHEL and CentOS from https://www.softwarecollections.org/en/scls/rhscl/devtoolset-6/.
Before configuring and compiling Bro, start a new shell with the Developer Toolset enabled, and check that the correct GCC compiler will be used:
$ scl enable devtoolset-2 bash
$ gcc --version
gcc (GCC) 4.8.2 20140120 (Red Hat 4.8.2-15)
...
Procedure
- To download Bro, execute the following command:
$ wget https://www.bro.org/downloads/bro-2.5.tar.gz
- To extract and configure Bro, execute the following commands:
$ tar xzvf bro-2.5.tar.gz
$ cd bro-2.5
$ ./configure --prefix=/opt/napatech3 --with-pcap=/opt/napatech3
- To build and install Bro, execute the following commands:
For FreeBSD:
$ gmake
$ sudo gmake install
For Linux:
$ make
$ sudo make install
- To use the Napatech interfaces, edit the /opt/napatech3/etc/node.cfg file according to your specific configuration.
This example sets up a 2-node cluster that listens on the Napatech pcap devices napa0 and napa1. This configuration works with the default ntpcap.ini file (see The Default ntpcap.ini File).
# Example BroControl node configuration.
#
# This is a complete standalone configuration. Most likely you will
# only need to change the interface.
# [bro]
# type=standalone
# host=localhost
# interface=napa0
## Below is an example clustered configuration. If you use this,
## remove the [bro] node above.
[manager]
type=manager
host=localhost
[proxy-1]
type=proxy
host=localhost
[worker-1]
type=worker
host=localhost
interface=napa0
[worker-2]
type=worker
host=localhost
interface=napa1
- The procedure for deploying a new configuration depends on the version of Bro. This should work with recent versions of Bro:
$ /opt/napatech3/bin/ntstart.sh
Starting NTService [NTService already running]
$ /opt/napatech3/bin/broctl
Hint: Run the broctl "deploy" command to get started.
Welcome to BroControl 1.4
Type "help" for help.
[BroControl] > install
creating policy directories ... done.
installing site policies ... done.
generating cluster-layout.bro ... done.
generating local-networks.bro ... done.
generating broctl-config.bro ... done.
updating nodes ... done.
[BroControl] > check
manager scripts are ok.
proxy-1 scripts are ok.
worker-1 scripts are ok.
worker-2 scripts are ok.
[BroControl] > start
starting manager ...
starting proxy-1 ...
starting worker-1 ...
starting worker-2 ...
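A sensor that starts with a worker missing its interface, or with the standalone [bro] node left next to the cluster nodes, leaves traffic unmonitored without an obvious error at the capture level. The following is an added example, not part of the original procedure and not Napatech or Bro project code: a small lint for node.cfg to run before the broctl install step. The function name lint_node_cfg and the rules it enforces are assumptions taken from the comments and sample configuration above.

```shell
#!/bin/sh
# Added example: lint a BroControl node.cfg before "broctl install".
# The rules are assumptions of this example, drawn from the comments and
# sample configuration on this page, not from BroControl's own checks.

# lint_node_cfg [FILE]: prints one line per problem, returns 0 if none.
lint_node_cfg() {
    awk '
    function err(msg) { print "node.cfg: " msg; bad = 1 }
    function finish() {                 # close the section just parsed
        if (name == "") return
        if (type == "") err("[" name "] has no type= line")
        if ((type == "worker" || type == "standalone") && iface == "")
            err("[" name "] has no interface= line")
        count[type]++
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {            # section header such as [worker-1]
        finish()
        name = $0
        sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
        type = ""; iface = ""
        next
    }
    {                                   # key=value line inside a section
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
        if (key == "type") type = val
        if (key == "interface") iface = val
    }
    END {
        finish()
        cluster = count["manager"] + count["proxy"] + count["worker"]
        if (count["standalone"] && cluster)
            err("standalone node mixed with cluster nodes")
        if (cluster && count["manager"] != 1)
            err("cluster needs exactly one manager, found " (count["manager"] + 0))
        if (cluster && !count["worker"])
            err("cluster has no worker nodes")
        exit bad + 0
    }' "$@"
}

# Constructed sample input: the worker lacks interface= and is reported.
printf '[manager]\ntype=manager\n[worker-1]\ntype=worker\n' | lint_node_cfg || true
```

Run it as lint_node_cfg /opt/napatech3/etc/node.cfg; a non-zero exit status means at least one problem was printed.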