[Bro] PF_RING Help Needed

Philip Romero promero at cenic.org
Thu Oct 12 14:41:14 PDT 2017

I just tried the below node.cfg setting and it did not seem to fix the 
issue. The weird thing is that I never really get a noticeable error 
during the startup process. It says stuff is running, but I just don't 
get any logs. I also am not able to pull a "broctl netstats" output when 
load-balancing is configured, but I can when it is not.

On 10/12/17 2:22 PM, Azoff, Justin S wrote:
>> On Oct 12, 2017, at 5:14 PM, Philip Romero <promero at cenic.org> wrote:
>> All,
>> I've been meaning to get PF_RING going for a while and am now trying to focus on getting it working. Until now I've been running the "standalone" [bro] config at the top of my node.cfg output below. I've been through the past threads and came across some info related to output that might confirm if pf_ring and bro were compiled together correctly. Below I've added the output of some of the commands suggested for input on troubleshooting the issue.
>> I suspect an error in some part of my config or setup since I don't get any usable logs when the load-balance/pf_ring node.cfg settings are enabled. If I comment them out and do a broctl deploy, usable logs immediately appear in my log directory. Any hints or suggestions as to why my pf_ring configuration is not working would be greatly appreciated. Let me know if any additional details I need to provide would help shed some light on my issue.
> Can you clarify specifically which lines you are commenting out?  Does the below configuration work?
> [manager]
> type=manager
> host=localhost
> [proxy-1]
> type=proxy
> host=localhost
> [worker-1]
> type=worker
> host=localhost
> interface=ens2f0
> Justin Azoff

Philip Romero, CISSP, CISA
Sr. Information Security Analyst
promero at cenic.org
Phone: (714) 220-3430
Mobile: (562) 237-9290
