[Bro] Triplicate Entries in CONN Log
promero at cenic.org
Tue Jan 2 13:42:00 PST 2018
Thanks for the quick response. Our Systems team assures me the pf_ring
is compiled correctly and provided the below output. We have some ACL's
in place that makes it difficult to load the bro-doctor pkg you mention
easily, but will work towards getting that tool in place. In the
meantime, is there anything about the below output that looks out of
place or missing? We'll also be setting the pfringclusterid in the
broctl.cfg to see if that fixes the issue.
# ldd /usr/local/bin/bro | grep pcap
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x00007f5473516000)
# strings /usr/local/lib/libpcap.so.1 | grep pfring | tail -n3
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro