[Bro] how to get not duplicated packets

Seong Hyeok Seo pulgrims at gmail.com
Fri Apr 27 02:47:39 PDT 2018


Hi, we're doing a job that collecting traffic by using Bro and PF_RING
, but  we found that each Bro worker got the same full traffic stream.
We think the packet is duplicated as much as the process number that we set
in a config file(bro/etc/node.cfg)

These are OS, Bro, PF_RING Ver. that we're using.


OS: CentOS 7.4.1708 (Core)
Bro: 2.5.3
PF RING: 7.1.0-1859

we installed those things, referring this page, https://www.bro.org/
documentation/load-balancing.html
and node.cfg is like this
------------------------------------------

[manager]
type=manager
host=X.X.X.X

[proxy-1]
type=proxy
host=X.X.X.X

[worker-1]
type=worker
host=X.X.X.X
interface=eth0
lb_method=pf_ring
lb_procs=8
--------------------------------------------------

please, help us to fix this and thank you in advance.

Sincerely,
Seonghyoek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180427/beb834b5/attachment.html 


More information about the Bro mailing list