Snort mailing list archives
Re: PF_RING and DNA with Snort
From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Thu, 15 Aug 2013 11:12:02 +0000
Thanks Tim. Do you know if it's still necessary to install daq 2.0.1, or should I just use the daq install from "PF_RING/userland/snort/pfring-daq-module/"?

Thanks.

On 8/14/13 4:26 PM, "Tim Covel" <tcovel () metaflows com> wrote:

It looks like in newer versions of PF_RING you have to specify multiple clusterid values when using inline mode:

pfring-daq-module/README.1st suggests "--daq-var clusterid=10,11" in the IPS example, and also explains the clusterid var as:
"--daq-var clusterid=<comma separated id list> where an id is a number (i.e. the clusterId), one for each interface."

It also looks like you are not currently using DNA interfaces. You need to make sure to load the correct driver (PF_RING/drivers/DNA/<driver version>) and start snort using the DNA interfaces the driver creates if you want to use DNA.

-Tim

On 08/14/2013 12:18 PM, Avery Rozar wrote:

Is there an up-to-date example of using pfring and DNA with Snort? I used the metaflows example, and am running into issues when trying to run snort.

Using this I get an error:

snort -c /etc/snort/snort.conf -A console -y -i eth0:eth1 --daq-dir /usr/local/lib/daq --daq pfring --daq-var clusterid=10 --daq-mode inline Q
pfring DAQ configured to inline.
eth0 <-> eth1
ERROR: Can't initialize DAQ pfring (-1) - pfring_daq_initialize: not enough cluster ids (1)
Fatal Error, Quitting..

And using this I get an error:

snort -c /etc/snort/snort.conf -A console -y -i eth0:eth1 --daq-dir /usr/local/lib/daq --daq pfring --daq-mode inline Q
pfring DAQ configured to inline.
eth0 <-> eth1
ERROR: Can't initialize DAQ pfring (-1) -
Fatal Error, Quitting..

Any help would be great!
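The clusterid rule quoted from README.1st in the message above can be checked before Snort is started. The following is an added example, not part of the thread or of the PF_RING or Snort code; the function names `count_fields` and `check_pfring_args` are hypothetical, and the check assumes only what the quoted README text and Tim's reply state (inline mode, one numeric id per interface).

```shell
#!/bin/sh
# Added example: pre-flight check of a Snort command line using the pfring DAQ.
# Rule applied (from the README.1st text quoted in the thread): clusterid is a
# comma separated list of numbers, one for each interface, in inline mode.
# Nothing here calls Snort or PF_RING; it only inspects the arguments.

# count_fields SEP STRING -> prints the number of non-empty SEP-separated fields
count_fields() (
    IFS=$1; set -f; n=0              # subshell body keeps IFS and noglob local
    for f in $2; do
        if [ -n "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
)

# check_pfring_args SNORT_ARGS... -> 0 ok, 1 id count differs, 2 malformed input
check_pfring_args() (
    ifaces=""; ids=""; mode=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -i|--daq-mode|--daq-var)
                [ $# -ge 2 ] || { echo "missing value after $1" >&2; exit 2; }
                case "$1" in
                    -i)         ifaces=$2 ;;
                    --daq-mode) mode=$2 ;;
                    --daq-var)  case "$2" in clusterid=*) ids=${2#clusterid=} ;; esac ;;
                esac
                shift ;;
        esac
        shift
    done
    [ "$mode" = inline ] || exit 0   # the rule in the thread concerns inline mode
    case "$ids" in
        *[!0-9,]*|,*|*,|*,,*) echo "clusterid is not a list of numbers: '$ids'" >&2; exit 2 ;;
    esac
    n_if=$(count_fields : "$ifaces"); n_id=$(count_fields , "$ids")
    if [ "$n_id" -ne "$n_if" ]; then
        echo "inline on '$ifaces': $n_if interfaces but $n_id cluster id(s)" >&2
        exit 1
    fi
    exit 0
)

# Relevant arguments of the first failing command in the thread, then the
# README's IPS form (clusterid=10,11).
check_pfring_args -i eth0:eth1 --daq pfring --daq-var clusterid=10 --daq-mode inline || echo "rejected ($?)"
check_pfring_args -i eth0:eth1 --daq pfring --daq-var clusterid=10,11 --daq-mode inline && echo "ok"
```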
Current thread:
- PF_RING and DNA with Snort Avery Rozar (Aug 14)
- Re: PF_RING and DNA with Snort Tim Covel (Aug 14)
- Re: PF_RING and DNA with Snort Avery Rozar (Aug 15)
- Re: PF_RING and DNA with Snort Tim Covel (Aug 15)
- Re: PF_RING and DNA with Snort Avery Rozar (Aug 15)
- Re: PF_RING and DNA with Snort Avery Rozar (Aug 16)
- Re: PF_RING and DNA with Snort Scott Finlon (Aug 16)
- Re: PF_RING and DNA with Snort Avery Rozar (Aug 16)
- Message not available
- Re: PF_RING and DNA with Snort Y M (Aug 16)
- Re: PF_RING and DNA with Snort Avery Rozar (Aug 16)
- Re: PF_RING and DNA with Snort Avery Rozar (Aug 16)
- Re: PF_RING and DNA with Snort Avery Rozar (Aug 15)
- Re: PF_RING and DNA with Snort Tim Covel (Aug 14)