[Bro] Bro PF RING

Davison, Charles Robert cdaviso1 at vols.utk.edu
Tue Sep 22 13:10:34 PDT 2015

I am following the instructions on bro.org<https://www.bro.org/sphinx/configuration/index.html#pf-ring-cluster-configuration> for the PF_Ring install and have completed the below steps so far. I have a question about the next few steps:

How do i complete this?

...Refer to the documentation for your Linux distribution on how to load the pf_ring module at boot time.

Does this basically mean i need to use the steps below on all worker nodes?

...You will need to install the PF_RING library files and kernel module on all of the workers in your cluster.

I already downloaded bro and installed /configured it.... is there a way to reconfigure bro without performing the below steps.

  1.  Download the Bro source code.

  2.  Configure and install Bro using the following commands:

Steps Completed Thus Far on Ubuntu 14.04 LTS
cd /usr/src
sudo wget http://sourceforge.net/projects/ntop/files/PF_RING/PF_RING-6.0.3.tar.gz
sudo tar zxvf PF_RING-6.0.3.tar.gz
cd PF_RING-6.0.3/userland/lib
./configure --prefix=/opt/pfring
sudo make install

cd ../libpcap
./configure --prefix=/opt/pfring
sudo make install

cd ../tcpdump-4.1.1
./configure --prefix=/opt/pfring
sudo make install

cd ../../kernel
sudo make install

sudo modprobe pf_ring enable_tx_capture=0 min_num_slots=32768

cdaviso1 at vols.utk.edu<mailto:cdaviso1 at vols.utk.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150922/b6d34b2d/attachment.html 

More information about the Bro mailing list