[Zeek] How to configure multiple interfaces

Tue Sep 3 07:48:16 PDT 2019

You can unsubscribe here: http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek <http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek>

> On Sep 3, 2019, at 3:42 AM, Иван Раткин <adh.2234 at gmail.com> wrote:
> 
> Guys, remove me from this, please. IDK how to stop recieving your emails about Bro. 
> Thanks.
> 3 сент. 2019 г., 4:32 +0300, Raphael Shin <hkshin98 at gmail.com>, писал:
>> Hi,
>> 
>> I am installing Bro on Redhat OS.
>> 
>> My Bro machine has two interfaces.
>>  - Interface#1(p1p1) : Server farm inbound traffic
>>  - Interface#2(p1p2) : Server farm outbound traffic
>> 
>> I configured two interfaces with pf_ring.
>> 
>> node.cfg file is as follows.
>> 
>> ----------------------------
>> [logger]
>> type=logger
>> host=localhost
>> 
>> [manager]
>> type=manager
>> host=localhost
>> 
>> [proxy-1]
>> type=proxy
>> host=localhost
>> 
>> [worker-1]
>> type=worker
>> host=localhost
>> interface=p1p1
>> lb_method=pf_ring
>> lb_procs=2
>> pin_cpus=8,9
>> 
>> [worker-2]
>> type=worker
>> host=localhost
>> interface=p1p2
>> lb_method=pf_ring
>> lb_procs=2
>> pin_cpus=10,11
>> ----------------------------  
>> 
>> 
>> but, I had wrong connection information.
>> 
>> Most conn_state is SH or SHR in the conn.log file.
>> 
>> How can I configure the node.cfg file?
>> 
>> Thanks,
>> Raphael
>> _______________________________________________
>> Zeek mailing list
>> zeek at zeek.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190903/465e59b0/attachment.html