[Bro] Using native PF_RING plugin with broctl
Gary Faulkner
gfaulkner.nsm at gmail.com
Mon Feb 27 11:19:31 PST 2017
When you built Bro did you also configure/make/make install the pf_ring
plugin? My recollection is that the plugins are not automatically built
when you build bro. They should be in the
<path-to-bro-source>/aux/plugins/ in the source tree. They typically
install into <path-to-bro>/lib/bro/plugins/.
~Gary
On 2/27/17 12:51 PM, Jullian Remi wrote:
> I installed bro using the following commands:
>
> ./configure --prefix=/usr/local/bro/
> make
> sudo make install
>
> Then, bro is started using broctl install, followed by broctl start.
>
> I have only one version of bro installed, the stable version 2.5
> (Released Nov 16, 2016).
>
> I was referring to the environment variables such as PATH, BROPATH or
> CLUSTER_NODE, contained in ${PREFIX}/spool/worker-X/.env_vars, and
> generated by the wrapper script ${PREFIX}/share/broctl/scripts/run-bro.
>
> I forgot to mention that without using the native PF_RING plugin, I am
> able to use PF_RING with the dedicated libpcap, such as explained here:
> https://www.bro.org/sphinx/configuration/index.html#pf-ring-cluster-configuration.
>
>
> Therefore, I don't think that this issue is related to the pf_ring
> network driver or something like that, but rather to bro or broctl that
> does not set the right configuration to enable the plugin.
>
> Rémi
>> How did you install bro? Do you have more than one version of bro installed?
>>
>> What environment variables are you referring to?
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list