[Bro] Quick pf_ring question
jlay at slave-tothe-box.net
Mon Aug 25 10:37:59 PDT 2014
On 2014-08-25 11:35, Seth Hall wrote:
> On Aug 21, 2014, at 6:11 PM, James Lay <jlay at slave-tothe-box.net>
>> Hey all!
>> So...where/how does one utilize pf_ring via command-line/local.bro?
>> I'm not having much luck finding the info...thanks for any help.
> You could take a look at the pf_ring plugin in BroControl. There are
> some special environment variables that need to be set.
> The main one you probably are concerned with is:
> PCAP_PF_RING_CLUSTER_ID. Set this to some numeric value and use the
> same value for each worker you are running and the traffic should be
> balanced across all of your processes.
> You should also probably set the PCAP_PF_RING_USE_CLUSTER_PER_FLOW to
> 1 as well.
> Since you're running Bro manually, it might look like this:
> PCAP_PF_RING_USE_CLUSTER_PER_FLOW=1 PCAP_PF_RING_CLUSTER_ID=21 bro
> <your args>
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
That's awesome...thanks for the info Seth.
More information about the Bro