We're in the process of deploying the redBorder Snort management solution (www.redborder.net).
The boxes we're using for sensors each have a dual-port fiber adapter from Silicom with the DNA/libzero license. This is the first time I've tried to configure DNA and libzero, so I'd love a little guidance from the community.

Here's what I'm looking to do: I want to share traffic between Snort and the Argus flow collector tool. I want to hash and distribute traffic to Snort such that each of the 16 instances only sees a subset of the traffic. I want a single instance of Argus to view all of the traffic. Argus can read data from multiple interfaces or channels simultaneously.

Do I use pfdnacluster_master or pfdnacluster_multithread? I'm not clear on how I can hash the traffic and fan it out to X number of consumers and then make a zero-copy of that fanned-out traffic.

Thanks.

Craig
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
