[Bro] Bro 2.0 packets dropped
Machiel van Veen
mvv at sentia.nl
Mon Feb 13 07:15:07 PST 2012
On Monday 13 February 2012 10:30:50 Machiel van Veen wrote:
> On Friday 10 February 2012 22:42:43 Martin Holste wrote:
> > What do you see in /proc/net/pf_ring/ ? If you cat a file matching
> > the PID of one of the Bro processes, it should say what the cluster_id
> > is. If they are all 21, then it is working.
>
...
> The other two workers do not connect. The only thing I could find so far
> which could cause this is quick_mode, I've disabled this option.
>
> Any idea what else could cause this?
>
Good news, it turned out to be a recent PF_RING issue, I've updated the kernel
module and it works now. A issue with pfring_set_channel_id() which has been
fixed on the 11th.
I noticed the PF_RING problem trying "pfcount -i p1p1" while bro was running.
Thanks, Machiel.
More information about the Bro
mailing list