Are you building bro on 2.5 or 241? If you are building on 25, its in aux/plugins/pf_ring and you need to specify where the headers are for pfring.
My notes, building pf_ring into /opt:
git clone https://github.com/ntop/PF_RING.git
cd PF_RING/kernel
make
sudo make install
cd ../userland/lib
./configure --prefix=/opt/pfring
sudo make install
cd ../libpcap
./configure --prefix=/opt/pfring
sudo make install
cd ../tcpdump
./configure --prefix=/opt/pfring
sudo make install
cd bro-2.5
./configure --with-pcap=/opt/pfring
make
sudo make install
pf_ring plugin
cd aux/plugins/pf_ring/
./configure --bro-dist=../../.. --with-pfring=/opt/pfring --install-root=/opt/bro/lib/bro/plugins
make
sudo make install
Should get you up and going..if someone sees any errors please let me know.
James
James, I followed the following steps to build, but have one more question to ask.
Since bro is built before the PF_RING plugin, how can bro find the plugin in the right path?
I tested bro with -N Bro::PF_RING, but failed.
$ /usr/local/bro/bin/bro -N Bro::PF_RING
error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Bro::PF_RING is not available
fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: Failed to activate requested dynamic plugin(s).
Po-Ching
James Lay On 2016/11/22 12:14AM wrote:
Verify that the pfring plugin is installed in the right spot:
[07:17:27 :~$] locate PF_RING | grep usr
/usr/local/bro/lib/bro/plugins/Bro_PF_RING
/usr/local/bro/lib/bro/plugins/Bro_PF_RING/bro_plugin
/usr/local/bro/lib/bro/plugins/Bro_PF_RING/lib
/usr/local/bro/lib/bro/plugins/Bro_PF_RING/lib/Bro-PF_RING.linux-x86_64.so
[07:17:36 :~$] /usr/local/bro/bin/bro -N Bro::PF_RING
Bro::PF_RING - Packet acquisition via PF_RING (dynamic, version 1.0)
The instructions below installed into /opt as I have on on other machines…so you’ll want to adjust that configure line.
James