[Bro] how to get not duplicated packets

Vlad Grigorescu vlad at es.net
Fri Apr 27 07:33:37 PDT 2018


Could you provide a bit more detail about your setup? Are the workers all
running on a single server, or are they distributed across multiple servers?

What I'm trying to determine is at what point the duplication is happening.

On Fri, Apr 27, 2018 at 9:47 AM, Seong Hyeok Seo <pulgrims at gmail.com> wrote:

> Hi, we're doing a job that collects traffic by using Bro and PF_RING,
> but we found that each Bro worker got the same full traffic stream.
> We think the packet is duplicated as many times as the process number that we
> set in a config file (bro/etc/node.cfg).
>
> These are OS, Bro, PF_RING Ver. that we're using.
>
>
> OS: CentOS 7.4.1708 (Core)
> Bro: 2.5.3
> PF_RING: 7.1.0-1859
>
> We installed those things, referring to this page:
> https://www.bro.org/documentation/load-balancing.html
> and node.cfg is like this:
> ------------------------------------------
>
> [manager]
> type=manager
> host=X.X.X.X
>
> [proxy-1]
> type=proxy
> host=X.X.X.X
>
> [worker-1]
> type=worker
> host=X.X.X.X
> interface=eth0
> lb_method=pf_ring
> lb_procs=8
> --------------------------------------------------
>
> Please help us to fix this, and thank you in advance.
>
> Sincerely,
> Seonghyoek