[Bro] Using native PF_RING plugin with broctl
Jullian Remi
remi.jullian at ssi.gouv.fr
Mon Feb 27 10:51:08 PST 2017
I installed bro using the following commands:
./configure --prefix=/usr/local/bro/
make
sudo make install
Then, bro is started using broctl install, followed by broctl start.
I have only one version of bro installed, the stable version 2.5
(Released Nov 16, 2016).
I was referring to the environment variables such as PATH, BROPATH or
CLUSTER_NODE, contained in ${PREFIX}/spool/worker-X/.env_vars, and
generated by the wrapper script ${PREFIX}/share/broctl/scripts/run-bro.
I forgot to mention that without using the native PF_RING plugin, I am
able to use PF_RING with the dedicated libpcap, as explained here:
https://www.bro.org/sphinx/configuration/index.html#pf-ring-cluster-configuration.
Therefore, I don't think that this issue is related to the pf_ring
network driver or something like that, but rather to bro or broctl that
does not set the right configuration to enable the plugin.
Rémi
> How did you install bro? Do you have more than one version of bro installed?
>
> What environment variables are you referring to?