[Ntop-misc] R: R: DNA DAQ for SNORT

[Maurizio Di Pietro (Esterna)]

I have compile pfring-daq-module and daq-2.0.2. I have to compile other?

 

Thanks

Maurizio

 

 

 

Da: ntop-misc-boun...@listgateway.unipi.it
[mailto:ntop-misc-boun...@listgateway.unipi.it] Per conto di Alfredo
Cardigliano
Inviato: martedì 27 maggio 2014 19:19
A: ntop-misc@listgateway.unipi.it
Oggetto: Re: [Ntop-misc] R: DNA DAQ for SNORT

 

Did you install the pfring_dna daq module? It is not listed in your
/usr/local/lib/daq 

 

Alfredo

 

On 27 May 2014, at 19:10, Maurizio Di Pietro (Esterna) <m.dipie...@resi.it>
wrote:





Now I’m  running a more simple command for a test. I had the same problem

 

/usr/local/bin/snort -c
/usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf
--daq-dir /usr/local/lib/daq --pid-path=/tmp/snort0  --daq pfring_dna
--daq-mode passive -i dna0 -v –e

 

ERROR: Can't find pfring_dna DAQ!

Fatal Error, Quitting..

 

I didn't understand

 

Below I wrote my configuration

 

]# lsmod

Module                  Size  Used by

ixgbe                 310387  0

pf_ring               436931  24

 

 

]# ifconfig

dna0      Link encap:Ethernet  HWaddr EC:9E:CD:0D:F1:44

          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

          Memory:fb120000-fb140000

 

dna1      Link encap:Ethernet  HWaddr EC:9E:CD:0D:F1:45

          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

          Memory:fb100000-fb120000

 

 

ls -la /usr/local/lib/daq/

totale 236

drwxr-xr-x  2 root root  4096 23 mag 15:32 .

drwxr-xr-x. 8 root root  4096 23 mag 15:30 ..

-rwxr-xr-x  1 root root  1000 23 mag 15:30 daq_afpacket.la

-rwxr-xr-x  1 root root 51455 23 mag 15:30 daq_afpacket.so

-rwxr-xr-x  1 root root   956 23 mag 15:30 daq_dump.la

-rwxr-xr-x  1 root root 25374 23 mag 15:30 daq_dump.so

-rwxr-xr-x  1 root root   976 23 mag 15:30 daq_ipfw.la

-rwxr-xr-x  1 root root 28191 23 mag 15:30 daq_ipfw.so

-rwxr-xr-x  1 root root   956 23 mag 15:30 daq_pcap.la

-rwxr-xr-x  1 root root 30084 23 mag 15:30 daq_pcap.so

-rwxr-xr-x  1 root root   963 23 mag 15:32 daq_pfring.la

-rwxr-xr-x  1 root root 66833 23 mag 15:32 daq_pfring.so

 

 

 

 

Thanks

Maurizio

 

 

 

 

 

 

 

Da: ntop-misc-boun...@listgateway.unipi.it
[mailto:ntop-misc-boun...@listgateway.unipi.it] Per conto di Alfredo
Cardigliano
Inviato: martedì 27 maggio 2014 18:35
A: ntop-misc@listgateway.unipi.it
Oggetto: Re: [Ntop-misc] DNA DAQ for SNORT

 

Hi Maurizio

—daq-var clusterid is not supported by the pfring_dna daq, please also make
sure pf_ring is loaded and the dna0 interface is up. Please let us know.

 

Best Regards

Alfredo

 

On 27 May 2014, at 17:54, Maurizio Di Pietro (Esterna) <
<mailto:m.dipie...@resi.it> m.dipie...@resi.it> wrote:






Hello,

I'm working with snort and DAQ PRING 6.01 less DNA.

I ran more istance of snort with this command and it works well

 

/usr/local/bin/snort -c
/usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf
--pid-path=/tmp/snort0 -i eth10 -l /tmp/snort0 --perfmon-file
/tmp/snort0/snort.stats --daq-dir /usr/local/lib/daq --daq pfring --daq-var
bindcpu=0 --daq-var clusterid=16

 

Now I'm trying to use the feature z-copy (DNA). So i compiled the ixgbe DNA
driver, i  loaded it and tryed to run snort with this command

 

/usr/local/bin/snort -c
/usr/src/PF_RING-6.0.1/userland/snort/snort-2.9.6.0/etc/snort.conf
--pid-path=/tmp/snort0 -i dna0 -l /tmp/snort0 --perfmon-file
/tmp/snort0/snort.stats --daq-dir /usr/local/lib/daq --daq pfring_dna
--daq-var bindcpu=0 --daq-var clusterid=16

 

But I have this output

 

pfring DAQ configured to passive.

ERROR: Can't initialize DAQ pfring (-1) -

Fatal Error, Quitting..

 

 

Why?

1- Do i have a license for work with DNA DAQ?

2- must I use PF_RING_aware?

3- Do I make some mistakes?

 

pfcount and pfsend work well!

Thanks

Bye

 

_______________________________________________
Ntop-misc mailing list
 <mailto:Ntop-misc@listgateway.unipi.it> Ntop-misc@listgateway.unipi.it
 <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

 

_______________________________________________
Ntop-misc mailing list
 <mailto:Ntop-misc@listgateway.unipi.it> Ntop-misc@listgateway.unipi.it
 <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

 


_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc