[Zeek] How to configure multiple interfaces
Justin Azoff
justin at corelight.com
Mon Sep 2 18:39:30 PDT 2019
Install https://github.com/ntop/bro-pf_ring in general for best results.
Use
interface=pf_ring::p1p1,p1p2
On Mon, Sep 2, 2019 at 9:32 PM Raphael Shin <hkshin98 at gmail.com> wrote:
> Hi,
>
> I am installing Bro on Redhat OS.
>
> My Bro machine has two interfaces.
> - Interface#1(p1p1) : Server farm *inbound* traffic
> - Interface#2(p1p2) : Server farm *outbound* traffic
>
> I configured two interfaces with pf_ring.
>
> node.cfg file is as follows.
>
> ----------------------------
> [logger]
> type=logger
> host=localhost
>
> [manager]
> type=manager
> host=localhost
>
> [proxy-1]
> type=proxy
> host=localhost
>
> [worker-1]
> type=worker
> host=localhost
> interface=*p1p1*
> lb_method=pf_ring
> lb_procs=2
> pin_cpus=8,9
>
> [worker-2]
> type=worker
> host=localhost
> interface=*p1p2*
> lb_method=pf_ring
> lb_procs=2
> pin_cpus=10,11
> ----------------------------
>
>
> but, I had wrong connection information.
>
> Most conn_state is SH or SHR in the conn.log file.
>
> How can I configure the node.cfg file?
>
> Thanks,
> Raphael
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190902/dc18ea36/attachment.html
More information about the Zeek
mailing list