[Bro] Building Bro with PF_RING

James Lay jlay at slave-tothe-box.net
Thu Nov 24 06:21:11 PST 2016


Verify that the pfring plugin is installed in the right spot:
[07:17:27 :~$] locate PF_RING | grep usr
/usr/local/bro/lib/bro/plugins/Bro_PF_RING
/usr/local/bro/lib/bro/plugins/Bro_PF_RING/__bro_plugin__
/usr/local/bro/lib/bro/plugins/Bro_PF_RING/lib
/usr/local/bro/lib/bro/plugins/Bro_PF_RING/lib/Bro-PF_RING.linux-x86_64.so
[07:17:36 :~$] /usr/local/bro/bin/bro -N Bro::PF_RING
Bro::PF_RING - Packet acquisition via PF_RING (dynamic, version 1.0)

The instructions below installed into /opt as I have on other
machines... so you'll want to adjust that configure line.

James

On Thu, 2016-11-24 at 20:52 +0800, Po-Ching Lin wrote:
> James, I followed the following steps to build, but have one more
> question to ask.
> 
> Since bro is built before the PF_RING plugin, how can bro find the
> plugin in the right path?
> 
> I tested bro with -N Bro::PF_RING, but failed.
> 
> $ /usr/local/bro/bin/bro -N Bro::PF_RING
> error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin
> Bro::PF_RING is not available
> fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
> Failed to activate requested dynamic plugin(s).
> 
> Po-Ching
> 
> James Lay On 2016/11/22 12:14AM wrote:
> > 
> > On 2016-11-21 09:03, erik clark wrote:
> > > 
> > > Are you building bro on 2.5 or 241? If you are building on 25,
> > > it's in aux/plugins/pf_ring and you need to specify where the
> > > headers are for pfring.
> > > 
> > > 
> > > _______________________________________________
> > > Bro mailing list
> > > bro at bro-ids.org
> > > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> > My notes, building pf_ring into /opt:
> > 
> > git clone https://github.com/ntop/PF_RING.git
> > cd PF_RING/kernel
> > make
> > sudo make install
> > 
> > cd ../userland/lib
> > ./configure --prefix=/opt/pfring
> > sudo make install
> > 
> > cd ../libpcap
> > ./configure --prefix=/opt/pfring
> > sudo make install
> > 
> > cd ../tcpdump
> > ./configure --prefix=/opt/pfring
> > sudo make install
> > 
> > cd bro-2.5
> > ./configure --with-pcap=/opt/pfring
> > make
> > sudo make install
> > 
> > pf_ring plugin
> > cd aux/plugins/pf_ring/
> > ./configure --bro-dist=../../.. --with-pfring=/opt/pfring \
> >     --install-root=/opt/bro/lib/bro/plugins
> > make
> > sudo make install
> > 
> > Should get you up and going... if someone sees any errors please
> > let me know.
> > 
> > James
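
An added example, not part of the original messages: a small shell check for the situation in this thread, where the notes install the plugin under /opt/bro/lib/bro/plugins while the bro being run lives in /usr/local/bro. It tests a Bro prefix for the plugin layout shown in the locate output; the function names check_pfring_plugin and report_prefix and their return codes are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify the PF_RING plugin under a
# Bro prefix. The layout checked is the one in the locate output above.

# check_pfring_plugin PREFIX  (hypothetical helper)
#   0 = plugin tree complete
#   1 = PREFIX/lib/bro/plugins/Bro_PF_RING missing
#   2 = __bro_plugin__ marker file missing
#   3 = no shared object under Bro_PF_RING/lib
check_pfring_plugin() {
    plugin_dir="$1/lib/bro/plugins/Bro_PF_RING"
    [ -d "$plugin_dir" ] || return 1
    [ -f "$plugin_dir/__bro_plugin__" ] || return 2
    for so in "$plugin_dir"/lib/*.so; do
        # An unmatched glob stays literal, so test that the file exists.
        if [ -f "$so" ]; then return 0; fi
    done
    return 3
}

# report_prefix PREFIX  (hypothetical helper)
# Prints a one-line verdict, then asks that prefix's own bro binary, if
# present, whether it can load the plugin (the -N check from the thread).
report_prefix() {
    rc=0
    check_pfring_plugin "$1" || rc=$?
    case "$rc" in
        0) echo "$1: plugin files present" ;;
        1) echo "$1: no Bro_PF_RING directory; was --install-root set to $1/lib/bro/plugins?" ;;
        2) echo "$1: __bro_plugin__ marker missing" ;;
        3) echo "$1: no .so under Bro_PF_RING/lib" ;;
    esac
    if [ "$rc" -eq 0 ] && [ -x "$1/bin/bro" ]; then
        "$1/bin/bro" -N Bro::PF_RING || rc=4
    fi
    return "$rc"
}

# Runs only when prefixes are given on the command line, for example:
#   sh check_pfring.sh /usr/local/bro /opt/bro
if [ "$#" -gt 0 ]; then
    status=0
    for prefix in "$@"; do
        report_prefix "$prefix" || status=1
    done
    exit "$status"
fi
```

A prefix that reports code 1 while another prefix on the same machine reports the files present means the plugin was installed under a different Bro tree than the one being run, which is the configure line James says to adjust.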