I am following the instructions on bro.org for the PF_Ring install and have completed the below steps so far. I have a question about the next few steps:
How do i complete this?
…Refer to the documentation for your Linux distribution on how to load the pf_ring module at boot time.
Does this basically mean i need to use the steps below on all worker nodes?
…You will need to install the PF_RING library files and kernel module on all of the workers in your cluster.
I already downloaded bro and installed /configured it… is there a way to reconfigure bro without performing the below steps.
-
Download the Bro source code.
-
Configure and install Bro using the following commands:
Steps Completed Thus Far on Ubuntu 14.04 LTS
cd /usr/src
sudo wget http://sourceforge.net/projects/ntop/files/PF_RING/PF_RING-6.0.3.tar.gz
sudo tar zxvf PF_RING-6.0.3.tar.gz
cd PF_RING-6.0.3/userland/lib
./configure --prefix=/opt/pfring
make
sudo make install
cd …/libpcap
./configure --prefix=/opt/pfring
make
sudo make install
cd …/tcpdump-4.1.1
./configure --prefix=/opt/pfring
make
sudo make install
cd …/…/kernel
make
sudo make install
sudo modprobe pf_ring enable_tx_capture=0 min_num_slots=32768
