[Bro] Duplicate log entries for events
Alex Waher
alexwis at gmail.com
Wed Oct 9 12:50:26 PDT 2013
Make sure `lsmod` shows that the pf_ring module is loaded. If its not
loaded, `modprobe pf_ring`
Or verify the eth0 interface is running with pf_ring by checking
/proc/net/pf_ring/dev/eth0/info
On Wed, Oct 9, 2013 at 9:35 AM, Seth Hall <seth at icir.org> wrote:
>
> On Oct 8, 2013, at 5:16 PM, Brendan Dalpe <brendan-dalpe at utulsa.edu>
> wrote:
>
> > [bro-eth0]
> > type=worker
> > host=10.1.26.22
> > interface=eth0
> > lb_method=pf_ring
> > lb_procs=4
> >
> >
> > Any thoughts?
>
> It sounds like something isn't installed correctly. Did you successfully
> build Bro against the pf_ring libpcap wrapper? Your traffic isn't load
> balancing and each worker is getting the full stream.
>
> Maybe you could show us your configure command? You can see exactly what
> you did if you go to your source and look at build/config.status
>
> .Seth
>
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131009/42ee248e/attachment.html
More information about the Bro
mailing list