[Bro] My last issue I hope
Richards, James L - DOA
James.Richards at wisconsin.gov
Thu Jun 20 07:50:12 PDT 2013
So everything is humming along with no errors, but also no events.
In looking at pf_ring, specifically /proc/net/pf_ring, I am seeing that it does not appear to be capturing packets...
Slot Len : 8224 [bucket+header]
Tot Memory : 67108864
Tot Packets : 0
Tot Pkt Lost : 0
Tot Insert : 0
Tot Read : 0
Insert Offset : 0
Remove Offset : 0
TX: Send Ok : 0
TX: Send Errors : 0
Reflect: Fwd Ok : 0
Reflect: Fwd Errors: 0
Num Free Slots : 8159
I have the nics in promisc mode, and have done the sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/bro
Have any of you run into this? I am scouring the web right now, but if anyone knows this one off the top of their head I would be most appreciative for any pointers.
James Richards
Office of Security
Wisconsin Department of Administration
608.224.3880
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130620/126329eb/attachment.html
More information about the Bro
mailing list