[Bro] Triplicate Entries in CONN Log

Philip Romero promero at cenic.org
Tue Jan 2 13:42:00 PST 2018


Thanks for the quick response. Our Systems team assures me the pf_ring
is compiled correctly and provided the below output. We have some ACL's
in place that makes it difficult to load the bro-doctor pkg you mention
easily, but will work towards getting that tool in place. In the
meantime, is there anything about the below output that looks out of
place or missing?  We'll also be setting the pfringclusterid in the
broctl.cfg to see if that fixes the issue.

# ldd /usr/local/bin/bro | grep pcap
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x00007f5473516000)
# strings /usr/local/lib/libpcap.so.1 | grep pfring | tail -n3

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180102/68df8f41/attachment.html 

More information about the Bro mailing list