[Bro] Distributed deployment high cpu low network traffic
Azoff, Justin S
jazoff at illinois.edu
Wed Jul 13 13:14:57 PDT 2016
> On Jul 13, 2016, at 4:08 PM, Obndnar smith <obdnanr at gmail.com> wrote:
>
> It's not using pf_ring! I recompiled it like the directions said, any advice on getting it to work?
>
> libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f90c13c7000)
try deleting the build/ directory in the bro source tree and then running ./configure again with the right options.
As part of the configure output it will say which pcap it is using. We install pf_ring into /opt/pfring so we build bro using
--with-pcap=/opt/pfring
--
- Justin Azoff
More information about the Bro
mailing list