PF_RING Help Needed


I’ve been meaning to get PF_RING going for a while and am now trying to focus on getting it working. Until now I’ve been running the “standalone” [bro] config at the top of my node.cfg output below. I’ve been thru the past threads and came across some info related to output that might confirm if pf_ring and bro were compiled together correctly. Below I’ve add the output of some of the commands suggested for input on troubleshooting the issue.

I suspect an error in some part of my config or setup since I don’t get any usable logs when the load-balance/pf_ring node.cfg setting are enabled. If I comment them out and do a broctl deploy usable logs immediately appear in my log directory. Any hints or suggestions as to why my pf_ring configuration is not working would be greatly appreciated. Let me know if any additional details I need to provide would help shed some light on my issue.

[root@xxx-bro-1 etc]# cat node.cfg

Example BroControl node configuration.

Can you clarify specifically which lines you are commenting out? Does the below configuration work?




I comment out all the [manger], [proxy-1], and [worker-1] lines (including the names) below and re-enable the below standalone [bro] lines.


I just tried the below node.cfg setting and it did not seem to fix the issue. The weird thing is that I never really get a noticeable error during the startup process. It says stuff is running, but I just don't get any logs. I also am not able to pull a "broctl netstats" output when load-balancing is configured, but I can when it is not.

OK! This is not a load balancing problem or a pf_ring problem at all.

The different bro processes are unable to connect to each other. Check that 'localhost' resolves to and that you don't have any iptables rules applied to the lo interface that would be preventing processes from reaching each other.

Success, for now. I put back my original lb node.cfg config and turned off the local firewall to see if stuff would work. It does. Now I need to get my system admin team to adjust their standard server firewall config to allow the bro processes to talk locally. Thanks for the help.


Make sure you've followed this:

Also, your logs may no longer be in spool, but might be in manager or logger directories.