[Zeek] How to configure multiple interfaces

Raphael Shin hkshin98 at gmail.com
Mon Sep 2 18:30:10 PDT 2019


Hi,

I am installing Bro on Redhat OS.

My Bro machine has two interfaces.
 - Interface#1(p1p1) : Server farm *inbound* traffic
 - Interface#2(p1p2) : Server farm *outbound* traffic

I configured two interfaces with pf_ring.

The node.cfg file is as follows.

----------------------------
[logger]
type=logger
host=localhost

[manager]
type=manager
host=localhost

[proxy-1]
type=proxy
host=localhost

[worker-1]
type=worker
host=localhost
interface=p1p1
lb_method=pf_ring
lb_procs=2
pin_cpus=8,9

[worker-2]
type=worker
host=localhost
interface=p1p2
lb_method=pf_ring
lb_procs=2
pin_cpus=10,11
----------------------------


But I got wrong connection information.

Most conn_state values are SH or SHR in the conn.log file.

How can I configure the node.cfg file?

Thanks,
Raphael
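
A way to measure the symptom described in this message, added here as an example and not part of the original post: Zeek defines SH and SHR as connections where only the originator's or only the responder's side of the handshake was seen, and the conn.log history field uses uppercase letters for originator packets and lowercase for responder packets. The function name `one_sided_report` and the sample log lines are constructed for illustration, and the default TSV log format is assumed.

```python
"""Added example: quantify one-sided TCP visibility in a Zeek conn.log (TSV)."""
from collections import Counter

# Constructed sample in Zeek's TSV layout (columns trimmed; documentation addresses).
SAMPLE = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tproto\tconn_state\thistory",
    "1567474210.1\tCa1\t198.51.100.7\t192.0.2.10\ttcp\tSH\tSADF",
    "1567474210.4\tCa2\t198.51.100.7\t192.0.2.10\ttcp\tSHR\t^hadf",
    "1567474211.0\tCa3\t198.51.100.9\t192.0.2.11\ttcp\tSF\tShADadFf",
    "1567474211.2\tCa4\t198.51.100.9\t192.0.2.53\tudp\tSF\tDd",
    "1567474212.8\tCa5\t198.51.100.8\t192.0.2.10\ttcp\tSH\tSAF",
    "#close\t2019-09-03-01-30-12",
])


def one_sided_report(text):
    """Count TCP connections where only one endpoint's packets were seen."""
    fields, states, tcp, one_sided = [], Counter(), 0, 0
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]      # column names follow the tag
            continue
        if not line or line.startswith("#") or not fields:
            continue                           # other header/footer lines
        row = dict(zip(fields, line.split("\t")))
        if row.get("proto") != "tcp":
            continue
        tcp += 1
        states[row.get("conn_state", "-")] += 1
        # history: uppercase letters = originator packets, lowercase = responder
        letters = [c for c in row.get("history", "") if c.isalpha()]
        if letters and (all(c.isupper() for c in letters)
                        or all(c.islower() for c in letters)):
            one_sided += 1
    return {"tcp": tcp, "one_sided": one_sided, "states": dict(states),
            "ratio": one_sided / tcp if tcp else 0.0}


if __name__ == "__main__":
    print(one_sided_report(SAMPLE))
```

A ratio close to 1.0 means the Zeek processes are each receiving only one direction of the TCP flows they track.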