Hi,
I am installing Bro on Redhat OS.
My Bro machine has two interfaces.
- Interface#1(p1p1) : Server farm inbound traffic
- Interface#2(p1p2) : Server farm outbound traffic
I configured two interfaces with pf_ring.
node.cfg file is as follows.
Install https://github.com/ntop/bro-pf_ring in general for best results.
Use
interface=pf_ring::p1p1,p1p2
Thanks.
Your words helped me a lot.
2019년 9월 3일 (화) 오전 10:40, Justin Azoff <justin@corelight.com>님이 작성:
Hi Justin and Raphael,
Very good point and very interesting issue. Some questions….
What does exactly do bro-pf_ring?
What does “best results” mean?
Is it mandatory to use bro + pf_ring?
If not what features are added?
Thanks in advance,
Xavier Gonzalez
CTO & Co-founder
Guys, remove me from this, please. IDK how to stop recieving your emails about Bro.
Thanks.
3 сент. 2019 г., 4:32 +0300, Raphael Shin <hkshin98@gmail.com>, писал: