About this task
This section describes an example of installing Bro from source, in case you cannot use a precompiled Bro package.
You will usually be able to find a suitable precompiled Bro package for your OS distribution. Please refer to Installing and Running libpcap Applications for general information about how to install and use package-based applications with Napatech libpcap.
For general information about installation of Bro, please refer to https://www.bro.org/sphinx/install/install.html.
For installation instructions for specific Bro versions, refer to the INSTALL file in the Bro package.
Before you begin
For details about prerequisites, go to https://www.bro.org/sphinx/install/install.html#prerequisites.
$ sudo yum install cmake make gcc gcc-c++ flex bison openssl-devel python-devel swig zlib-devel
Bro 2.4.1 is the last version that can be compiled without C++11 support. More recent versions of Bro require a compiler with C++11 support, for example GCC 4.8 or later. Check the version of your compiler:
$ gcc --version
gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18)
...
If your GCC version is < 4.8, you can either install Bro 2.4.1 or earlier, or update your compiler toolchain.
You may be able to install a newer compiler as part of a Developer Toolset package.
For RHEL 6, please refer to https://access.redhat.com/documentation/en-US/Red_Hat_Developer_Toolset.
$ sudo wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo
$ sudo yum install devtoolset-2-gcc devtoolset-2-binutils devtoolset-2-gcc-c++
The Developer Toolset is also available for RHEL and CentOS from https://www.softwarecollections.org/en/scls/rhscl/devtoolset-6/.
$ scl enable devtoolset-2 bash
$ gcc --version
gcc (GCC) 4.8.2 20140120 (Red Hat 4.8.2-15)
...
To install Bro:
To download Bro, execute the following command:
$ wget https://www.bro.org/downloads/bro-2.5.tar.gz
To extract and configure Bro, execute the following commands:
$ tar xzvf bro-2.5.tar.gz
$ cd bro-2.5
$ ./configure --prefix=/opt/napatech3 --with-pcap=/opt/napatech3
To build and install Bro, execute the following commands:
$ gmake
$ sudo gmake install
$ make
$ sudo make install
To use the Napatech interfaces, edit the /opt/napatech3/etc/node.cfg file according to your specific configuration.
This example sets up a 2-node cluster that listens on the Napatech pcap devices napa0 and napa1. This configuration works with the default ntpcap.ini file (see The Default ntpcap.ini File).
# Example BroControl node configuration.
#
# This is a complete standalone configuration. Most likely you will
# only need to change the interface.
# [bro]
# type=standalone
# host=localhost
# interface=napa0

## Below is an example clustered configuration. If you use this,
## remove the [bro] node above.

[manager]
type=manager
host=localhost

[proxy-1]
type=proxy
host=localhost

[worker-1]
type=worker
host=localhost
interface=napa0

[worker-2]
type=worker
host=localhost
interface=napa1
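A pre-deployment sanity check for the node.cfg layout described above, as an added example that is not part of the original page or of BroControl. It flags a standalone [bro] node left active beside cluster nodes, a capture node without an interface, and a cluster layout missing a manager, proxy or worker; the function name check_node_cfg, the sample configuration and the role requirements are assumptions of this example, drawn from the layout shown.

```python
import configparser

# Constructed sample: the page's cluster layout with the standalone [bro]
# node left active by mistake and worker-2 missing its interface.
BAD_CFG = """
[bro]
type=standalone
host=localhost
interface=napa0
[manager]
type=manager
host=localhost
[proxy-1]
type=proxy
host=localhost
[worker-1]
type=worker
host=localhost
interface=napa0
[worker-2]
type=worker
host=localhost
"""

def check_node_cfg(text):
    """Return a list of problems found in node.cfg text (empty list = OK)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    by_type = {}
    for name in cfg.sections():
        by_type.setdefault(cfg.get(name, "type", fallback=""), []).append(name)
    problems = []
    # Nodes that capture traffic need an interface, e.g. napa0 or napa1.
    for name in by_type.get("worker", []) + by_type.get("standalone", []):
        if not cfg.get(name, "interface", fallback=""):
            problems.append(f"{name}: no interface set")
    if by_type.get("standalone"):
        # The page's rule: remove the [bro] node when using the cluster layout.
        if len(cfg.sections()) > 1:
            problems.append("standalone node mixed with cluster nodes")
    else:
        for needed in ("manager", "proxy", "worker"):
            if not by_type.get(needed):
                problems.append(f"cluster layout has no {needed} node")
    return problems

if __name__ == "__main__":
    for problem in check_node_cfg(BAD_CFG):
        print("node.cfg:", problem)
```

To check a real file, pass the contents of /opt/napatech3/etc/node.cfg to check_node_cfg before deploying with broctl.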
The procedure for deploying a new configuration depends on the version of Bro. This should work with recent versions of Bro:
$ /opt/napatech3/bin/ntstart.sh
Starting NTService [NTService already running]
$ /opt/napatech3/bin/broctl
Hint: Run the broctl "deploy" command to get started.
Welcome to BroControl 1.4
Type "help" for help.
[BroControl] > install
creating policy directories ... done.
installing site policies ... done.
generating cluster-layout.bro ... done.
generating local-networks.bro ... done.
generating broctl-config.bro ... done.
updating nodes ... done.
[BroControl] > check
manager scripts are ok.
proxy-1 scripts are ok.
worker-1 scripts are ok.
worker-2 scripts are ok.
[BroControl] > start
starting manager ...
starting proxy-1 ...
starting worker-1 ...
starting worker-2 ...