[Bro] Using native PF_RING plugin with broctl

Jullian Remi remi.jullian at ssi.gouv.fr
Mon Feb 27 03:12:38 PST 2017


Hi all,

I am trying to use Bro's PF_RING plugin with broctl, using a simple bro
cluster on a single host.

Here is an extract of my 'node.cfg' file:

[worker]
type=worker
host=localhost
interface=pf_ring::eth0
lb_method=pf_ring
lb_procs=8
pin_cpus=0,1,2,3,4,5,6,7

When I used the deploy command, I got the following error: "fatal error:
type of packet source 'pf_ring' no recognized, or mode not supported"

Here is the output of the deploy command:

[BroControl] > deploy
...
starting ...
starting manager ...
starting proxy ...
starting worker-1
...
starting worker-8
worker-1 terminated immediately after starting; check output with "diag"
...
worker-8 terminated immediately after starting; check output with "diag"

And when running "diag":

[BroControl] > diag

==== stderr.log
fatal error: type of packet source 'pf_ring' no recognized, or mode not
supported


However I do not have any problem running bro as a standalone process
with local commands such as:

$/usr/local/bro/bin/bro -i pf_ring::eth0
listening on eth0

and:

$/usr/local/bro/bin/bro -N | grep PF
Bro::PF_RING - Packet acquisition via PF_RING (dynamic, version 1.0)

This tends to prove the Bro plugin has been installed and works.

I think Broctl is launching the Bro binary without the right settings for
the plugin to be found/to work correctly. Am I missing something with
configuration files?
Maybe the environment variables aren't properly set?

Does anyone use bro's PF_RING plugin with a cluster configuration
without issues?

Thanks,

Rémi


