Bro::PF_RING

This plugin provides native PF_RING support for Bro.

Installation

Follow PF_RING’s instructions to get its kernel module and, potentially, custom drivers installed. The following will then compile and install the PF_RING plugin alongside Bro, assuming it can find the PF_RING headers in a standard location:

./configure && make && make install

If the headers are installed somewhere non-standard, add --with-pfring=<PF_RING-base-directory> to the configure command. If everything built and installed correctly, you should see this:

# bro -N Bro::PF_RING
Bro::PF_RING - Packet acquisition via PF_RING (dynamic, version 1.0)

To use PF_RING, you should run Bro as root.

Usage

Once installed, you can use PF_RING interfaces/ports by prefixing them with pf_ring:: on the command line. For example, to use PF_RING to monitor interface eth0:

bro -i pf_ring::eth0

Table of Contents

Next Page

Bro Redis Logging

Previous Page

Bro::Netmap

Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.