[Zeek] How to configure multiple interfaces
Иван Раткин
adh.2234 at gmail.com
Tue Sep 3 01:42:16 PDT 2019
Guys, remove me from this, please. IDK how to stop recieving your emails about Bro.
Thanks.
3 сент. 2019 г., 4:32 +0300, Raphael Shin <hkshin98 at gmail.com>, писал:
> Hi,
>
> I am installing Bro on Redhat OS.
>
> My Bro machine has two interfaces.
> - Interface#1(p1p1) : Server farm inbound traffic
> - Interface#2(p1p2) : Server farm outbound traffic
>
> I configured two interfaces with pf_ring.
>
> node.cfg file is as follows.
>
> ----------------------------
> [logger]
> type=logger
> host=localhost
>
> [manager]
> type=manager
> host=localhost
>
> [proxy-1]
> type=proxy
> host=localhost
>
> [worker-1]
> type=worker
> host=localhost
> interface=p1p1
> lb_method=pf_ring
> lb_procs=2
> pin_cpus=8,9
>
> [worker-2]
> type=worker
> host=localhost
> interface=p1p2
> lb_method=pf_ring
> lb_procs=2
> pin_cpus=10,11
> ----------------------------
>
>
> but, I had wrong connection information.
>
> Most conn_state is SH or SHR in the conn.log file.
>
> How can I configure the node.cfg file?
>
> Thanks,
> Raphael
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190903/700801f8/attachment.html
More information about the Zeek
mailing list