[Bro] Using native PF_RING plugin with broctl
landy-bible at utulsa.edu
Mon Feb 27 04:02:29 PST 2017
I think you just need "interface=eth0". It knows to use pf_ring because of
the next line.
On Mon, Feb 27, 2017, 05:14 Jullian Remi <remi.jullian at ssi.gouv.fr> wrote:
> Hi all,
> I am trying to use Bro's PF_RING plugin with broctl, using a simple bro
> cluster on a single host.
> Here is an extract of my 'node.cfg' file:
> When I used the deploy command, I got the following error: "fatal error:
> type of packet source 'pf_ring' no recognized, or mode not supported"
> Here is the output of the deploy command:
> [BroControl] > deploy
> starting ...
> starting manager ...
> starting proxy ...
> starting worker-1
> starting worker-8
> worker-1 terminated immediately after starting; check output with "diag"
> worker-8 terminated immediately after starting; check output with "diag"
> And when running "diag":
> [BroControl] > diag
> ==== stderr.log
> fatal error: type of packet source 'pf_ring' no recognized, or mode not
> However I do not have any problem running bro as a standalone process
> with local commands such as:
> $/usr/local/bro/bin/bro -i pf_ring::eth0
> listening on eth0
> $/usr/local/bro/bin/bro -N | grep PF
> Bro::PF_RING - Packet acquisition via PF_RING (dynamic, version 1.0)
> This tends to prove Bro plugin has been installed and works.
> I think Broctl is launching Bro binary without the right settings for
> the plugin to be found/to work correctly. Am I missing something with
> configuration files ?
> May be the environment variables aren't properly set?
> Does anyone use bro's PF_RING plugin with a cluster configuration
> without issues?
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro