[Oisf-users] Load-balancing Suricata
Peter Manev
petermanev at gmail.com
Thu Apr 12 07:03:59 UTC 2012
Hi,
may be something like this could be useful:
http://www.rocksclusters.org/wordpress/
however it is based on CentOS.
Thanks
On Thu, Apr 12, 2012 at 5:05 AM, Seth Hall <seth at icir.org> wrote:
>
> On Apr 11, 2012, at 10:46 PM, Christopher Sheats wrote:
>
> > Say, 2 to N of these:
> > http://www.newegg.com/Product/Product.aspx?Item=N82E16813153239
> > (I haven't seen any announcement of SuperMicro releasing a serverboard
> > using the Intel Atom D2700 yet)
>
> You could send the full traffic stream to each box and run these BPF
> filters on each Suricata instance:
>
> Host1:
> (ip[14:2]+ip[18:2]) - (2*((ip[14:2]+ip[18:2])/2)) == 0
>
> Host2:
> (ip[14:2]+ip[18:2]) - (2*((ip[14:2]+ip[18:2])/2)) == 1
>
> This only works for packets that are straight ethernet encapsulated (no
> vlan or mpls tags) and it also doesn't work for IPv6. If you need to add
> another host (for a total of three), you can change the "2*" and "/2" to
> 3's and increment the value on the far right.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
--
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120412/21e844e1/attachment-0002.html>
More information about the Oisf-users
mailing list