[Zeek] PFRING support on RPM packages
Eric Ooi
ericooi at gmail.com
Sat Feb 9 06:51:19 PST 2019
Don’t think they do either, especially since the official Zeek
documentation includes a step on compiling from source to do it.
https://www.zeek.org/documentation/load-balancing.html
Just in case it helps, I wrote an article on installing Zeek from source
with PF_RING on CentOS.
https://www.ericooi.com/zeekurity-zen-part-i-how-to-install-zeek-bro-on-centos-7/
I’m eventually going to change it to use AF_PACKET instead, as that’s what
seems to be recommended in past threads from the Zeek folks. I’ve also
been using AF_PACKET in my own production system at work without issues.
On Sat, Feb 9, 2019 at 5:54 AM Martin, Eric J <ejmartin2 at wpi.edu> wrote:
> I’m overhauling some East / West sensors, and one thought is to deploy
> Zeek to minimize what we need to manage (as opposed to individual Snort /
> Argus sensors). Since these machines are using Intel 525 cards, I will be
> using PFRing as a load balancer. Does the bro RPM support this? I looked
> and don’t think so, though I wanted to ask here before rolling my own RPM.
>
> Please excuse any typos / brevity, I'm on my mobile.
> Thank you,
> --
> Eric Martin
> Information Security Engineer
> Worcester Polytechnic Institute
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190209/d46c97cc/attachment.html
More information about the Zeek
mailing list