Installing Bro

libpcap Installation

Platform: Intel® PAC, Napatech SmartNIC
Content Type: Software Installation Guide
Capture Software Version: Link™ Capture Software 12.7

About this task

This section describes an example of installing Bro from source, in case you cannot use a precompiled Bro package.

You will usually be able to find a suitable precompiled Bro package for your OS distribution. Please refer to Installing and Running libpcap Applications for general information about how to install and use package-based applications with Napatech libpcap.

For general information about installation of Bro, please refer to https://www.bro.org/sphinx/install/install.html.

For installation instructions for specific Bro versions, refer to the INSTALL file in the Bro package.

Before you begin

For details about prerequisites, go to https://www.bro.org/sphinx/install/install.html#prerequisites.

For example, to install dependencies for compiling and running Bro 2.5 on RH/CentOS 7.x:
$ sudo yum install cmake make gcc gcc-c++ flex bison openssl-devel python-devel swig zlib-devel

Bro 2.4.1 is the last version that can be compiled without C++11 support. More recent versions of Bro require a compiler with C++11 support, for example GCC 4.8 or later. Check the version of your compiler:

$ gcc --version
gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18)
...

If your GCC version is < 4.8, you can either install Bro 2.4.1 or earlier, or update your compiler toolchain.

You may be able to install a newer compiler as part of a Developer Toolset package.

For RHEL 6, please refer to https://access.redhat.com/documentation/en-US/Red_Hat_Developer_Toolset.

On CentOS 6.x, you can, for example, install a Developer Toolset package this way (writing the repository file to /etc/yum.repos.d requires root):
$ sudo wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo
$ sudo yum install devtoolset-2-gcc devtoolset-2-binutils devtoolset-2-gcc-c++

The Developer Toolset is also available for RHEL and CentOS from https://www.softwarecollections.org/en/scls/rhscl/devtoolset-6/.

Before configuring and compiling Bro, start a new shell with the Developer Toolset enabled, and check that the correct GCC compiler will be used:
$ scl enable devtoolset-2 bash
$ gcc --version
gcc (GCC) 4.8.2 20140120 (Red Hat 4.8.2-15)
...

Steps

To install Bro:

Procedure

  1. To download Bro, execute the following command:
    $ wget https://www.bro.org/downloads/bro-2.5.tar.gz
  2. To extract and configure Bro, execute the following commands:
    $ tar xzvf bro-2.5.tar.gz
    $ cd bro-2.5
    $ ./configure --prefix=/opt/napatech3 --with-pcap=/opt/napatech3
  3. To build and install Bro, execute the following commands:
    $ make
    $ sudo make install
  4. To use the Napatech interfaces, edit the /opt/napatech3/etc/node.cfg file according to your specific configuration.

    This example sets up a 2-node cluster that listens on the Napatech pcap devices napa0 and napa1. This configuration works with the default ntpcap.ini file (see The Default ntpcap.ini File).

    # Example BroControl node configuration.
    #
    
    # This is a complete standalone configuration.  Most likely you will
    # only need to change the interface.
    # [bro]
    # type=standalone
    # host=localhost
    # interface=napa0
    
    ## Below is an example clustered configuration. If you use this,
    ## remove the [bro] node above.
    
    [manager]
    type=manager
    host=localhost
    
    [proxy-1]
    type=proxy
    host=localhost
    
    [worker-1]
    type=worker
    host=localhost
    interface=napa0
    
    [worker-2]
    type=worker
    host=localhost
    interface=napa1
    
  5. The procedure for deploying a new configuration depends on the version of Bro. This should work with recent versions of Bro:
    $ /opt/napatech3/bin/ntstart.sh 
    Starting NTService                                          [NTService already running]
    $ /opt/napatech3/bin/broctl 
    Hint: Run the broctl "deploy" command to get started.
    
    Welcome to BroControl 1.4
    
    Type "help" for help.
    
    [BroControl] > install
    creating policy directories ... done.
    installing site policies ... done.
    generating cluster-layout.bro ... done.
    generating local-networks.bro ... done.
    generating broctl-config.bro ... done.
    updating nodes ... done.
    [BroControl] > check
    manager scripts are ok.
    proxy-1 scripts are ok.
    worker-1 scripts are ok.
    worker-2 scripts are ok.
    [BroControl] > start
    starting manager ...
    starting proxy-1 ...
    starting worker-1 ...
    starting worker-2 ...
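
The node.cfg rules from step 4, as an added example (not Napatech's or the Bro project's code): a Python check that flags a standalone [bro] node left beside cluster nodes, a cluster without a manager or proxy, and capture nodes with a missing or shared interface, any of which leaves a sensor blind or double-counting. The name lint_node_cfg and the one-capture-node-per-device rule are assumptions of this example.

```python
import configparser

# Constructed sample: [bro] left enabled beside the cluster; worker-2 lacks interface.
SAMPLE_BAD = """
[bro]
type=standalone
host=localhost
interface=napa0
[manager]
type=manager
host=localhost
[proxy-1]
type=proxy
host=localhost
[worker-1]
type=worker
host=localhost
interface=napa0
[worker-2]
type=worker
host=localhost
"""

def lint_node_cfg(text):
    """Return a list of problems found in BroControl node.cfg text."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    types = {s: cfg.get(s, "type", fallback="") for s in cfg.sections()}
    kinds = set(types.values())
    problems = []
    if "standalone" in kinds and len(types) > 1:
        problems.append("standalone node mixed with cluster nodes")
    for required in ("manager", "proxy"):
        if "worker" in kinds and required not in kinds:
            problems.append("cluster has no %s node" % required)
    seen = {}  # (host, interface) -> node; assumes one capture node per device
    for name in (n for n, k in types.items() if k in ("standalone", "worker")):
        iface = cfg.get(name, "interface", fallback="").strip()
        key = (cfg.get(name, "host", fallback=""), iface)
        if not iface:
            problems.append("%s: no interface set" % name)
        elif key in seen:
            problems.append("%s: shares %s with %s" % (name, iface, seen[key]))
        else:
            seen[key] = name
    return problems

if __name__ == "__main__":
    print("\n".join(lint_node_cfg(SAMPLE_BAD)))
```

Run it against the text of /opt/napatech3/etc/node.cfg before the BroControl install step; an empty list means none of these checks fired.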