[Bro] Bro + pf_ring on a Raspberry Pi 3
Azoff, Justin S
jazoff at illinois.edu
Tue Feb 28 13:48:37 PST 2017
> On Feb 28, 2017, at 4:37 PM, Alex Kefallonitis <al.kefallonitis at gmail.com> wrote:
>
> pi at raspberrypi:~/bro-test $ cat reporter.log
> #separator \x09
> #set_separator ,
> #empty_field (empty)
> #unset_field -
> #path reporter
> #open 2017-02-28-21-09-35
> #fields ts level message location
> #types time enum string string
> 1488316175.157715 Reporter::INFO received termination signal (empty)
> 1488316175.157715 Reporter::INFO 674 packets received on interface eth0, 0 dropped (empty)
> #close 2017-02-28-21-09-35
>
Ah, well that's not so bad.
The entries that you pasted from your conn.log before only had "^c" for history, which is:
## ^ connection direction was flipped by Bro's heuristic
## c packet with a bad checksum
Have you tried bro using the libpcap that comes with pf_ring?
--
- Justin Azoff
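
Added example, not part of the original message: a short Python check that reads a Bro tab-separated conn.log and lists the connections whose history holds nothing but the "^" and bad-checksum flags described above. The sample records and the function names are constructed for illustration; treating upper-case "C" as the originator-side form of "c" follows Bro's documented convention for history letters.

```python
import io

# Constructed sample in Bro's tab-separated log layout (not taken from the thread).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tproto\thistory",
    "#types\ttime\tstring\taddr\taddr\tenum\tstring",
    "1488316170.000001\tCaaa1\t192.0.2.10\t198.51.100.5\ttcp\t^c",
    "1488316171.000002\tCaaa2\t192.0.2.10\t198.51.100.6\ttcp\tC",
    "1488316172.000003\tCaaa3\t192.0.2.11\t198.51.100.7\ttcp\tShADadFf",
    "1488316173.000004\tCaaa4\t192.0.2.12\t198.51.100.8\tudp\t-",
    "#close\t2017-02-28-21-09-35",
]) + "\n"


def read_bro_log(stream):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def checksum_only(history):
    """True when the history is only '^' plus bad-checksum flags (c/C)."""
    flags = history.replace("^", "")
    return bool(flags) and set(flags) <= {"c", "C"}


def summarize(stream):
    """Return (records with a history, uids whose history is checksum-only)."""
    total, flagged = 0, []
    for rec in read_bro_log(stream):
        history = rec.get("history", "-")
        if history in ("-", "(empty)"):  # unset / empty field markers
            continue
        total += 1
        if checksum_only(history):
            flagged.append(rec["uid"])
    return total, flagged


if __name__ == "__main__":
    total, flagged = summarize(io.StringIO(SAMPLE_CONN_LOG))
    print(f"{len(flagged)} of {total} connections saw only bad-checksum packets:")
    for uid in flagged:
        print("  " + uid)
```
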