[Bro] High orig_bytes value

Danilo Nicolò dani.nicolo at gmail.com
Fri Sep 9 08:48:21 PDT 2016


Hello Seth,

>> Have you tried just sniffing a single interface and doing load
>> balancing?  Could you send the script you're running in packet-bricks?



No, I’ve tried to sniff four interfaces, merging them into one and
load-balancing on two workers (for now).

I used first:



Brick.new("Merge")



And then:



Brick.new("LoadBalancer")



The flow works well as programmed, but sometimes the problem of wrong
orig_bytes happened.



Now I have removed the packet-bricks layer, connecting the netmapped interfaces
directly to Bro, and it’s working well.



Thanks for your interest


Danilo

2016-09-08 15:49 GMT+02:00 Seth Hall <seth at icir.org>:

>
> > On Sep 8, 2016, at 4:57 AM, Danilo Nicolò <dani.nicolo at gmail.com> wrote:
> >
> > Sorry for short information.
> > I’m using Packet-bricks + Bro (2.5) + Netmap (plugin)
>
> Thanks for the explanation of what you're doing, that's helpful.
>
> > Yesterday I removed Packet-bricks from the chain and the problem was
> > solved.
>
> That's good to know.
>
> > Eth0 --\
> > Eth1 ------ Merge -> Slot -> LoadBalance ----- Slot -> Bro worker #1
> > Eth2 ---/                                 \--- Slot -> Bro worker #2
> > Eth3 --/
>
>  Have you tried just sniffing a single interface and doing load
> balancing?  Could you send the script you're running in packet-bricks?
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>