[Bro-Dev] PF_RING cluster ID

Seth Hall seth at icir.org
Wed Aug 31 09:28:19 PDT 2011

On Aug 31, 2011, at 12:14 PM, Martin Holste wrote:

> PF_RING's greatest feature is the ability to do per-flow clustering so
> that many sniffers can run in parallel on their own CPU and each
> receive a portion of the traffic which has been load-balanced.  Snort
> and Suricata both support this, and we've come to rely on it as we
> don't have access to hardware load balancing.  Is there a way to do
> this in Bro?

Use the cluster deployment in BroControl and assign each of the virtual interfaces to a separate worker node.  Since you're running the git master though, keep in mind that the broctl master that is currently checked out has some problems.  I'll work on merging in our fixed branch today and I'll reply again once it's updated.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
