[Bro] RHEL7 and AF_PACKET
Azoff, Justin S
jazoff at illinois.edu
Fri Dec 9 16:02:55 PST 2016
> On Dec 9, 2016, at 5:57 PM, Ditch, Derek <derek.ditch at criticalstack.com> wrote:
> To be clear, AF_PACKET on RHEL7 and CentOS7 works extremely well w/ Bro 2.5 and the af_packet plugin. It will not, however, work under RHEL 6 because it uses the 2.x kernel.
Is this with a single worker or multiple workers?
A single worker would work fine, but as far as I can tell hash-based fanout is broken.
If bro is working for you, any ideas why https://github.com/JustinAzoff/can-i-use-afpacket-fanout/ fails to run properly on CentOS 7?
- Justin Azoff