[Zeek] How to configure multiple interfaces
Raphael Shin
hkshin98 at gmail.com
Mon Sep 2 22:50:34 PDT 2019
Thanks.
Your words helped me a lot.
2019년 9월 3일 (화) 오전 10:40, Justin Azoff <justin at corelight.com>님이 작성:
> Install https://github.com/ntop/bro-pf_ring in general for best results.
>
> Use
>
> interface=pf_ring::p1p1,p1p2
>
> On Mon, Sep 2, 2019 at 9:32 PM Raphael Shin <hkshin98 at gmail.com> wrote:
>
>> Hi,
>>
>> I am installing Bro on Redhat OS.
>>
>> My Bro machine has two interfaces.
>> - Interface#1(p1p1) : Server farm *inbound* traffic
>> - Interface#2(p1p2) : Server farm *outbound* traffic
>>
>> I configured two interfaces with pf_ring.
>>
>> node.cfg file is as follows.
>>
>> ----------------------------
>> [logger]
>> type=logger
>> host=localhost
>>
>> [manager]
>> type=manager
>> host=localhost
>>
>> [proxy-1]
>> type=proxy
>> host=localhost
>>
>> [worker-1]
>> type=worker
>> host=localhost
>> interface=*p1p1*
>> lb_method=pf_ring
>> lb_procs=2
>> pin_cpus=8,9
>>
>> [worker-2]
>> type=worker
>> host=localhost
>> interface=*p1p2*
>> lb_method=pf_ring
>> lb_procs=2
>> pin_cpus=10,11
>> ----------------------------
>>
>>
>> but, I had wrong connection information.
>>
>> Most conn_state is SH or SHR in the conn.log file.
>>
>> How can I configure the node.cfg file?
>>
>> Thanks,
>> Raphael
>> _______________________________________________
>> Zeek mailing list
>> zeek at zeek.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
>
>
> --
> Justin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190903/8399345d/attachment.html
More information about the Zeek
mailing list