Best way to configure BRO IDS 2.4.1 to capture from a Quad port Network card

Hi were are using Dell R230’s with an additional quad port card for network captures, streaming in traffic from our NetOptics Taps. On bro 2.4.1 what is the best way to configure it to listed on all 4 interfaces? Would we set that up in node.cfg and create 4 worker processes so that we can use broctl? Or can we specify it in BRO_CAPTURE_INTERFACE=" eth2 eth3 eth4 eth5". Or is there a command line bro with options?
Is PF_RING needed?

Ludwig,

that up in node.cfg and create 4 worker processes so that we can use

yes!! You can use a cluster setup with assigned worker to each one of the interfaces. This works under assumption that your traffic is not bouncing around (ie part of it is on eth0 and remaining on eth2 )

so node.cfg looks like this:

[manager]
type=manager
host=hostname

[proxy-1]
type=proxy
host=hostname

[proxy-2]
type=proxy
host=hostname

# (infrastructure)
[worker-12]
type=worker
host=hostname
interface=eth1

# (development)
[worker-13]
type=worker
host=hostname
interface=eth2

# main office)
[worker-14]
type=worker
host=hostname
interface=eth3

once setup you can use broctl install, stop deploy commands.

Thanks!

I figured that would work.