Hi Alicia

standard pf_ring clustering is not supported by dna, and you cannot open the same dna interface from multiple applications. This means that you have 2 options:

1. use RSS and open a queue per snort instance
2. use the Libzero DNA Cluster (see pfdnacluster_master app in examples), and open a consumer queue per snort instance

Best Regards
Alfredo

On 12 Apr 2014, at 16:56, Alicia Smith <[email protected]> wrote:

> Good Morning!
>
> So I am trying to use more than one snort process per interface, while I can
> tie a single snort process to a particular CPU, I can't seem to run multiple
> snort processes on a single interface and tie them to multiple CPUs with my
> current configuration.
>
> If I attempt to use a "clusterid=" daq variable - I get the following:
> Apr 12 14:42:53 DFW01-NIDS snort[3420]: pfring_dna DAQ configured to passive.
> Apr 12 14:42:53 DFW01-NIDS snort[3420]: FATAL ERROR: Can't initialize DAQ
> pfring_dna (-1) - pfring_daq_initialize: unsupported variable(clusterid=2)#012
>
>
> without the cluster variable in the startup script I get this error:
>
> Apr 12 14:51:20 DFW01-NIDS snort[4981]: FATAL ERROR: Can't initialize DAQ
> pfring_dna (-1) -
> Apr 12 14:51:20 DFW01-NIDS kernel: [PF_RING] Unable to activate two or more
> DNA sockets on the same interface dna1/link direction
>
>
> Could someone please point me in the right direction? Was I supposed to
> compile with a certain option?
>
> Thank you in advance!
>
> Alicia S.
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
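
The two options from the reply, as an added example that is not part of the original thread: a script that prints one snort command line per queue, so that no two instances open the same DNA socket. Assumptions: the `dna1@N` and `dnacluster:ID@N` queue names follow the PF_RING naming convention, `taskset` does the CPU pinning, and the DAQ directory, config path, log directories, cluster id 10 and queue counts are constructed values.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints the command lines;
# review them, then run them from your own startup script.
DAQ_DIR="/usr/local/lib/daq"        # assumed DAQ install path
SNORT_CONF="/etc/snort/snort.conf"  # assumed snort config path

# queue_iface MODE TARGET INDEX -> name of the queue one snort instance opens
#   rss:     TARGET is the DNA device, result dna1@0, dna1@1, ...
#   cluster: TARGET is the Libzero cluster id, result dnacluster:10@0, ...
queue_iface() {
    case "$1" in
        rss)     printf '%s@%s\n' "$2" "$3" ;;
        cluster) printf 'dnacluster:%s@%s\n' "$2" "$3" ;;
        *)       echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# snort_cmd MODE TARGET INDEX -> one instance, pinned to CPU INDEX,
# with its own log directory so the instances do not overwrite each other.
snort_cmd() {
    iface=$(queue_iface "$1" "$2" "$3") || return 1
    printf 'taskset -c %s snort --daq-dir=%s --daq pfring_dna --daq-mode passive -i %s -c %s -l /var/log/snort/q%s -D\n' \
        "$3" "$DAQ_DIR" "$iface" "$SNORT_CONF" "$3"
}

# plan MODE TARGET COUNT [DEV] -> every command needed, in start order.
# In cluster mode DEV is the physical DNA device the master opens.
plan() {
    [ "$3" -ge 1 ] 2>/dev/null || { echo "count must be >= 1" >&2; return 1; }
    if [ "$1" = cluster ]; then
        [ -n "$4" ] || { echo "cluster mode needs the DNA device" >&2; return 1; }
        # The master is the only process that opens the DNA interface itself.
        printf 'pfdnacluster_master -i %s -c %s -n %s\n' "$4" "$2" "$3"
    fi
    i=0
    while [ "$i" -lt "$3" ]; do
        snort_cmd "$1" "$2" "$i" || return 1
        i=$((i + 1))
    done
}

echo "# Option 1: RSS, the driver must already expose 4 queues on dna1"
plan rss dna1 4
echo "# Option 2: Libzero DNA Cluster 10 with 4 consumer queues"
plan cluster 10 4 dna1
```

With RSS the NIC hashes flows across queues in hardware, so the queue count passed here must match what the driver was loaded with; with the cluster, `pfdnacluster_master` must be running before any consumer starts.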
