[Bro] Bro and pf_ring

Jeff Lucovsky lucovsky at reservoir.com
Thu Jan 7 12:30:52 PST 2016


Hi Vito,

If you're using Bro 2.4 or later, the pf_ring plugin is included in the
stock Bro distribution. If that's the case, then you do not need the plugin
from github.

The plugin provides packet access when your setup includes PF_RING *and*
you're using Bro 2.4 or above. If you're using Bro 2.3 or earlier, plugins
don't apply as the architecture didn't support them.

When Bro introduced I/O sources with 2.4, the plugin architecture was
created; Bro 2.3 didn't use plugins for packet access. Check out the other
Bro 2.4 plugins in <bro-source-tree>/aux/bro-plugins.


-- 
Jeff Lucovsky
*Reservoir *Labs
212 780 0527 x173 <212%20780%200527%20x100>

On Thu, Jan 7, 2016 at 10:49 AM, Vito Logrillo <vitologrillo at gmail.com>
wrote:

> Hi all,
> i'm using bro with the pf_ring driver in a cluster architecture as
> written in the link below
>
> https://www.bro.org/documentation/load-balancing.html
>
> Now i've seen a plugin for bro able to provide native pf_ring support
>
> https://github.com/bro/bro-plugins/tree/master/pf_ring
>
> Sorry for the lazy question, but which are the benefits of this plugin?
> Thanks
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160107/4ac53248/attachment.html 


More information about the Bro mailing list