[Bro] how to get not duplicated packets

Seong Hyeok Seo pulgrims at gmail.com
Fri Apr 27 07:56:20 PDT 2018


Yes, I will do that.

On Fri, 27 Apr 2018 at 11:54 PM Vlad Grigorescu <vlad at es.net> wrote:

> Would you mind also sending your reply to the bro mailing list? That way
> other people can also help you, and it will provide information to anyone
> else that might run into this same issue in the future. Thanks.
>
> On Fri, Apr 27, 2018 at 2:49 PM, Seong Hyeok Seo <pulgrims at gmail.com>
> wrote:
>
>> We’re working on 2 machines. We set one worker on a single server and a
>> manager and a proxy on the other one.
>> And actually we emailed a pfring developer and they replied this...
>> “it seems that Bro is not setting up a pf_ring cluster to distribute the
>> traffic across the instances (it should call pfring_set_cluster),
>> please write to the Bro mailing list as we are not maintaining that code
>> sorry.”
>>
>>
>> On Fri, 27 Apr 2018 at 11:33 PM Vlad Grigorescu <vlad at es.net> wrote:
>>
>>> Could you provide a bit more detail about your setup? Are the workers
>>> all running on a single server, or are they distributed across multiple
>>> servers?
>>>
>>> What I'm trying to determine is at what point the duplication is
>>> happening.
>>>
>>> On Fri, Apr 27, 2018 at 9:47 AM, Seong Hyeok Seo <pulgrims at gmail.com>
>>> wrote:
>>>
>>>> Hi, we're doing a job that collects traffic by using Bro and PF_RING,
>>>> but we found that each Bro worker got the same full traffic stream.
>>>> We think the packet is duplicated as much as the process number that we
>>>> set in a config file (bro/etc/node.cfg).
>>>>
>>>> These are the OS, Bro, and PF_RING versions that we're using.
>>>>
>>>>
>>>> OS: CentOS 7.4.1708 (Core)
>>>> Bro: 2.5.3
>>>> PF RING: 7.1.0-1859
>>>>
>>>> We installed those things, referring to this page,
>>>> https://www.bro.org/documentation/load-balancing.html
>>>> and node.cfg is like this:
>>>> ------------------------------------------
>>>>
>>>> [manager]
>>>> type=manager
>>>> host=X.X.X.X
>>>>
>>>> [proxy-1]
>>>> type=proxy
>>>> host=X.X.X.X
>>>>
>>>> [worker-1]
>>>> type=worker
>>>> host=X.X.X.X
>>>> interface=eth0
>>>> lb_method=pf_ring
>>>> lb_procs=8
>>>> --------------------------------------------------
>>>>
>>>> Please help us fix this, and thank you in advance.
>>>>
>>>> Sincerely,
>>>> Seonghyoek
>>>>
>>>>
>>>> _______________________________________________
>>>> Bro mailing list
>>>> bro at bro-ids.org
>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>>
>>>
>>>
>
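
One way to confirm the symptom described in this thread (every worker process seeing the same full stream instead of a share of the flows), as an added example that is not part of the original messages and is not Bro or PF_RING code: count how many workers observed each flow. The worker names, addresses and the per-worker 5-tuple input (for instance taken from a short capture per process) are constructed assumptions.

```python
from collections import defaultdict

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key so both directions of a connection are one flow."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)

def duplication_report(per_worker):
    """per_worker: {worker_name: iterable of (src, sport, dst, dport, proto)}.
    Returns (verdict, mean copies per flow, flows seen by more than one worker)."""
    seen = defaultdict(set)
    for worker, packets in per_worker.items():
        for pkt in packets:
            seen[flow_key(*pkt)].add(worker)
    if not seen:
        return ("no-data", 0.0, [])
    n = len(per_worker)
    dupes = sorted(k for k, w in seen.items() if len(w) > 1)
    mean = sum(len(w) for w in seen.values()) / len(seen)
    if not dupes:
        verdict = "balanced"            # each flow landed on exactly one worker
    elif n > 1 and all(len(w) == n for w in seen.values()):
        verdict = "full-duplication"    # every worker saw every flow
    else:
        verdict = "partial-overlap"     # some flows shared, some not
    return (verdict, mean, dupes)

# Constructed sample data (documentation address range, hypothetical worker names).
FLOWS = [("192.0.2.1", 40000, "192.0.2.9", 80, "tcp"),
         ("192.0.2.2", 40001, "192.0.2.9", 443, "tcp"),
         ("192.0.2.3", 5353, "192.0.2.9", 53, "udp")]
REVERSED = [(d, dp, s, sp, p) for (s, sp, d, dp, p) in FLOWS]

# Symptom from the thread: all processes receive the same packets.
BROKEN = {"worker-1-1": FLOWS, "worker-1-2": REVERSED, "worker-1-3": FLOWS}
# Expected behaviour: flows are partitioned, both directions on the same worker.
HEALTHY = {"worker-1-1": FLOWS[:1],
           "worker-1-2": FLOWS[1:2] + REVERSED[1:2],
           "worker-1-3": FLOWS[2:]}

if __name__ == "__main__":
    for name, data in (("broken", BROKEN), ("healthy", HEALTHY)):
        verdict, mean, dupes = duplication_report(data)
        print(f"{name}: {verdict}, {mean:.1f} copies/flow, {len(dupes)} shared flows")
```
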