[Bro] zbalance_ipc with multiple applications and Bro
Michał Purzyński
michalpurzynski1 at gmail.com
Wed Feb 11 07:14:30 PST 2015
Hi.
I'm trying to start Bro and Suricata on one sensor, using the pf_ring
ZC, like this
zbalance_ipc -i eth5 -c 99 -n 4,4 -m 1
where 99 is the cluster ID and -n <num>,<num> creates separate rings
for each application. So far so good.
I should tell Bro to somehow bind to the zc:99 at 4, zc:99 at 5, zc:99 at 6,
zc:99 at 7 interfaces. How can I do it?
Using zc:99 at 4 (AKA base, and let it increment automatically) does not work
fatal error: /opt/bro/bin/bro: problem with interface zc:99 at 4 -
pcap_open_live: zc:99 at 4: No such device exists (SIOCGIFHWADDR: No such
device)
Same for just zc:99 and not a surprise, Bro somehow needs to open
sub-interfaces 4-7.
Is it even supported?
More information about the Bro
mailing list