Yes id like to do it. I already done the same configuration just with pf_ring. With the standard ixgbe driver
If I reload the original driver and run the same command with -daq pfring it works # ps -ef | grep snort root 1070 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort0 -i eth10 -l /tmp/snort0 --perfmon-file /tmp/snort0/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=0 --daq-var clusterid=16 -D root 1076 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort1 -i eth10 -l /tmp/snort1 --perfmon-file /tmp/snort1/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=1 --daq-var clusterid=16 -D root 1082 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort2 -i eth10 -l /tmp/snort2 --perfmon-file /tmp/snort2/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=2 --daq-var clusterid=16 -D root 1088 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort3 -i eth10 -l /tmp/snort3 --perfmon-file /tmp/snort3/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=3 --daq-var clusterid=16 -D root 1094 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort4 -i eth10 -l /tmp/snort4 --perfmon-file /tmp/snort4/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=4 --daq-var clusterid=16 -D root 1100 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort5 -i eth10 -l /tmp/snort5 --perfmon-file /tmp/snort5/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=5 --daq-var clusterid=16 -D root 1106 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort6 -i eth10 -l /tmp/snort6 --perfmon-file /tmp/snort6/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=6 --daq-var clusterid=16 -D root 1108 1 29 19:13 ? 00:00:10 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort9 -i eth10 -l /tmp/snort9 --perfmon-file /tmp/snort9/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=9 --daq-var clusterid=16 -D root 1112 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort7 -i eth10 -l /tmp/snort7 --perfmon-file /tmp/snort7/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=7 --daq-var clusterid=16 -D root 1114 1 33 19:13 ? 00:00:10 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort10 -i eth10 -l /tmp/snort10 --perfmon-file /tmp/snort10/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=10 --daq-var clusterid=16 -D root 1118 1 0 19:13 ? 00:00:00 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort8 -i eth10 -l /tmp/snort8 --perfmon-file /tmp/snort8/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=8 --daq-var clusterid=16 -D root 1120 1 39 19:13 ? 00:00:10 /usr/local/bin/snort -q -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort11 -i eth10 -l /tmp/snort11 --perfmon-file /tmp/snort11/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=11 --daq-var clusterid=16 -D Da: [email protected] [mailto:[email protected]] Per conto di Luca Deri Inviato: martedì 27 maggio 2014 18:36 A: [email protected] Oggetto: Re: [Ntop-misc] DNA DAQ for SNORT Maurizio as follow-up you can enable RSS and spawn one snort instance per queue Luca On 27 May 2014, at 18:34, Alfredo Cardigliano <[email protected]> wrote: Hi Maurizio daq-var clusterid is not supported by the pfring_dna daq, please also make sure pf_ring is loaded and the dna0 interface is up. Please let us know. Best Regards Alfredo On 27 May 2014, at 17:54, Maurizio Di Pietro (Esterna) <[email protected]> wrote: Hello, I'm working with snort and DAQ PRING 6.01 less DNA. I ran more istance of snort with this command and it works well /usr/local/bin/snort -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort0 -i eth10 -l /tmp/snort0 --perfmon-file /tmp/snort0/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var bindcpu=0 --daq-var clusterid=16 Now I'm trying to use the feature z-copy (DNA). So i compiled the ixgbe DNA driver, i loaded it and tryed to run snort with this command /usr/local/bin/snort -c /usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf --pid-path=/tmp/snort0 -i dna0 -l /tmp/snort0 --perfmon-file /tmp/snort0/snort.stats --daq-dir /usr/local/lib/daq --daq pfring_dna --daq-var bindcpu=0 --daq-var clusterid=16 But I have this output pfring DAQ configured to passive. ERROR: Can't initialize DAQ pfring (-1) - Fatal Error, Quitting.. Why? 1- Do i have a license for work with DNA DAQ? 2- must I use PF_RING_aware? 3- Do I make some mistakes? pfcount and pfsend work well! Thanks Bye _______________________________________________ Ntop-misc mailing list <mailto:[email protected]> [email protected] <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list <mailto:[email protected]> [email protected] <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
