[Bro] Bro + pf_ring on a Raspberry Pi 3
Alex Kefallonitis
al.kefallonitis at gmail.com
Tue Feb 28 14:13:06 PST 2017
The problem is the rpi has a 100mbps network card and I want to use cluster
and pf_ring, and without knowing much it seems the best option for real time
monitoring on a production network
2017-02-28 23:48 GMT+02:00 Azoff, Justin S <jazoff at illinois.edu>:
>
> > On Feb 28, 2017, at 4:37 PM, Alex Kefallonitis <al.kefallonitis at gmail.com> wrote:
> >
> > pi at raspberrypi:~/bro-test $ cat reporter.log
> > #separator \x09
> > #set_separator ,
> > #empty_field (empty)
> > #unset_field -
> > #path reporter
> > #open 2017-02-28-21-09-35
> > #fields ts level message location
> > #types time enum string string
> > 1488316175.157715 Reporter::INFO received termination signal (empty)
> > 1488316175.157715 Reporter::INFO 674 packets received on interface eth0, 0 dropped (empty)
> > #close 2017-02-28-21-09-35
> >
>
> ah, well that's not so bad.
>
>
> The entries that you pasted from your conn.log before only had "^c" for
> history, which is
>
> ## ^ connection direction was flipped by Bro's heuristic
> ## c packet with a bad checksum
>
>
> have you tried bro using the libpcap that comes with pf_ring?
>
> --
> - Justin Azoff
>
>
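
An added example, not part of the original messages: a small parser for Bro's TSV log format (using the header directives visible in the quoted reporter.log) that counts how many conn.log entries carry the bad-checksum history flag discussed above. The sample conn.log lines and the reduced field set are constructed, and treating upper-case `C` as the originator-side form of the flag is based on Bro's documented history convention.

```python
# Constructed sample in Bro's TSV log format (reduced conn.log field set, not from the thread).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tproto\thistory",
    "#types\ttime\tstring\taddr\taddr\tenum\tstring",
    "1488316170.100000\tCaaa1\t192.0.2.10\t198.51.100.5\ttcp\t^c",
    "1488316171.200000\tCaaa2\t192.0.2.10\t198.51.100.6\ttcp\t^c",
    "1488316172.300000\tCaaa3\t192.0.2.11\t198.51.100.5\ttcp\tShADadfF",
    "1488316173.400000\tCaaa4\t192.0.2.12\t198.51.100.7\ticmp\t-",
    "1488316174.500000\tCaaa5\t192.0.2.13\t198.51.100.5\ttcp\tShACdf",
])


def parse_bro_log(text):
    """Parse a Bro TSV log into a list of dicts keyed by the #fields header."""
    sep, unset, fields, rows = "\t", "-", [], []
    for line in text.splitlines():
        if line.startswith("#separator"):
            # The separator is written as an escape such as \x09 after a space.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *values = line[1:].split(sep)
            if key == "fields":
                fields = values
            elif key == "unset_field":
                unset = values[0]
        elif line:
            cols = line.split(sep)
            rows.append({k: (None if v == unset else v) for k, v in zip(fields, cols)})
    return rows


def checksum_summary(rows):
    """Count connections whose history shows bad checksums (c/C) and those showing nothing else."""
    stats = {"with_history": 0, "bad_checksum": 0, "only_bad_checksum": 0}
    for row in rows:
        history = row.get("history")
        if history is None:
            continue
        stats["with_history"] += 1
        flags = set(history) - {"^"}  # "^" only marks a flipped direction
        if flags & {"c", "C"}:
            stats["bad_checksum"] += 1
        if flags and flags <= {"c", "C"}:
            stats["only_bad_checksum"] += 1
    return stats
```

A high share of `only_bad_checksum` entries means Bro is discarding most packets before analysis, so the capture path deserves a look before the cluster setup does.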