[Bro] PF_RING Help Needed
Philip Romero
promero at cenic.org
Thu Oct 12 15:12:02 PDT 2017
Success, for now. I put back my original lb node.cfg config and turned
off the local firewall to see if stuff would work. It does. Now I need
to get my system admin team to adjust their standard server firewall
config to allow the bro processes to talk locally. Thanks for the help.
Philip
On 10/12/17 3:01 PM, Azoff, Justin S wrote:
>> On Oct 12, 2017, at 5:41 PM, Philip Romero <promero at cenic.org> wrote:
>>
>> I just tried the below node.cfg setting and it did not seem to fix the issue. The weird thing is that I never really get a noticeable error during the startup process. It says stuff is running, but I just don't get any logs. I also am not able to pull a "broctl netstats" output when load-balancing is configured, but I can when it is not.
> OK! This is not a load balancing problem or a pf_ring problem at all.
>
> The different bro processes are unable to connect to each other. Check that 'localhost' resolves to 127.0.0.1 and that you don't have any iptables rules applied to the lo interface that would be preventing processes from reaching each other.
>
>
> —
> Justin Azoff
>
--
Philip Romero, CISSP, CISA
Sr. Information Security Analyst
CENIC
promero at cenic.org
Phone: (714) 220-3430
Mobile: (562) 237-9290
More information about the Bro
mailing list