[Bro] Duplicate log entries for events

Seth Hall seth at icir.org
Wed Oct 9 09:35:00 PDT 2013

On Oct 8, 2013, at 5:16 PM, Brendan Dalpe <brendan-dalpe at utulsa.edu> wrote:

> [bro-eth0]
> type=worker
> host=
> interface=eth0
> lb_method=pf_ring
> lb_procs=4
> Any thoughts?

It sounds like something isn't installed correctly.  Did you successfully build Bro against the pf_ring libpcap wrapper?  Your traffic isn't load balancing and each worker is getting the full stream.

Maybe you could show us your configure command?  You can see exactly what you did if you go to your source and look at build/config.status


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131009/2a615b19/attachment.bin 

More information about the Bro mailing list