[Bro] PF_Ring Cluster Install

Davison, Charles Robert cdaviso1 at vols.utk.edu
Wed Sep 16 12:40:34 PDT 2015


I have seen different documentation around building PF_Ring to integrate with bro. I have performed the below already. However, I installed bro from wget instead of from source, so does that mean I have to start over? If so, does anyone have detailed documentation for configuring bro from source along with all components? I have worked with PF_Ring before and know it can be challenging to get going. I also have many questions regarding how to properly configure the node.cfg and make sure my boxes are configured in the right manner, depending on the processor architecture being used. Would processor architecture affect setting the lb_method, lb_procs, and pin_cpus in AWS? Honestly, if someone well versed in PF_Ring could speak to all those points and some of the questions below, we could set up a web-ex. Once I get it running properly, I can give the documentation I have made to the bro team so they can update the site regarding all these questions, so others who are new to this and might have the same questions can just read the further documentation on the site.


sudo apt-get update
sudo apt-get upgrade
sudo apt-get install linux-headers-$(uname -r)
sudo apt-get install libnuma-dev
git clone https://github.com/ntop/PF_RING.git
cd PF_RING/kernel
./configure
make
make install

sudo insmod ./pf_ring.ko
cd ..
cd userland/
cd ../userland
make


From here, when I install based on the instructions from the bro website <https://www.bro.org/sphinx/configuration/index.html#preparing-to-setup-a-cluster>, I perform the following and do not see anything in /usr/src to extract:


cd /usr/src
tar xvzf PF_RING-5.6.2.tar.gz
cd PF_RING-5.6.2/userland/lib
./configure --prefix=/opt/pfring
make install


I also receive the following when attempting to perform any further configurations:

ubuntu@ip-172-31-38-121:~$ cd ../libpcap
-bash: cd: ../libpcap: No such file or directory
ubuntu@ip-172-31-38-121:~$ cd ../tcpdump-4.1.1
-bash: cd: ../tcpdump-4.1.1: No such file or directory
ubuntu@ip-172-31-38-121:~$ cd ../../kernel
-bash: cd: ../../kernel: No such file or directory
ubuntu@ip-172-31-38-121:~$

I also need information on how to load the pf_ring module at boot time for Ubuntu 14.04.

