[Bro] PF_RING Help Needed

James Lay jlay at slave-tothe-box.net
Thu Oct 12 15:13:11 PDT 2017


On 2017-10-12 15:41, Philip Romero wrote:
> I just tried the below node.cfg setting and it did not seem to fix the
> issue. The weird thing is that I never really get a noticeable error
> during the startup process. It says stuff is running, but I just don't
> get any logs. I also am not able to pull a "broctl netstats" output 
> when
> load-balancing is configured, but I can when it is not.
> 
> 
> On 10/12/17 2:22 PM, Azoff, Justin S wrote:
>>> On Oct 12, 2017, at 5:14 PM, Philip Romero <promero at cenic.org> wrote:
>>> 
>>> All,
>>> 
>>> I've been meaning to get PF_RING going for a while and am now trying 
>>> to focus on getting it working. Until now I've been running the 
>>> "standalone" [bro] config at the top of my node.cfg output below. 
>>> I've been thru the past threads and came across some info related to 
>>> output that might confirm if pf_ring and bro were compiled together 
>>> correctly. Below I've add the output of some of the commands 
>>> suggested for input on troubleshooting the issue.
>>> I suspect an error in some part of my config or setup since I don't 
>>> get any usable logs when the load-balance/pf_ring node.cfg setting 
>>> are enabled. If I comment them out and do a broctl deploy usable logs 
>>> immediately appear in my log directory. Any hints or suggestions as 
>>> to why my pf_ring configuration is not working would be greatly 
>>> appreciated. Let me know if any additional details I need to provide 
>>> would help shed some light on my issue.
>> Can you clarify specifically which lines you are commenting out?  Does 
>> the below configuration work?
>> 
>> [manager]
>> type=manager
>> host=localhost
>> 
>> [proxy-1]
>> type=proxy
>> host=localhost
>> 
>> [worker-1]
>> type=worker
>> host=localhost
>> interface=ens2f0
>> 
>>>> Justin Azoff
>> 
>> 

Make sure you've followed this:

https://www.bro.org/documentation/load-balancing.html

Also, your logs may no longer be in spool, but might be in manager or 
logger directories.

James


More information about the Bro mailing list