Hi John,

I looked at the old Snort website (in wayback) and indeed it would eventually take you to PF_RING source code.

I did some installations/tips on RHEL/CentOS 6.5 (non zc) and the process is the same with other distros, the most notable difference is the packages and where to get them from. For example, you can get away with a complete setup without having to add the EPEL repo. For RHEL, you may have to add the "optional" rpm repo.

I am not aware of zc-specific (drivers, not clusters) deployment - compiling - configurations, but more of how you actually use it. For example, using a PF_RING-aware driver in standard mode you just use the interface name with Snort (-i ethX), with zc you would use zc:ethX. There may be other configurations that I am not aware of (especially with DNA), I just never (can't) use them.

YM

> Date: Wed, 3 Sep 2014 09:15:39 -0700
> From: [email protected]
> To: [email protected]
> Subject: Re: [Ntop-misc] PF_RING-DAQ module
>
> Thanks for the information. It seems odd that the link would have led
> me to the PF_RING source code as it was the README.snort file in the
> source code that told me to go to the snort page to get a stable
> version of the "PF_RING-DAQ Module."
>
> Having said that, has anyone seen a good information source on how to
> compile the latest snort/DAQ with the latest (stable 6.0.1 or devel
> 6.0.2) PF_Ring (pref using ZC) on RHEL/CENTOS 6.5? All of the cookbook
> sort of docs I have found are written for older versions and don't
> include ZC related advances. Additionally, most of them seem to have
> minor issues that cause them not to translate to PF_Ring 6.0.X.
>
> Ultimately, I am trying to build out several systems, each with
> multiple snort instances running across multiple cores monitoring
> around 3-4Gbps of traffic per system. This seems like a good scenario
> for PF_RING, but figuring it out on my own is progressing slowly
> and my google fu doesn't seem to be cutting it.
>
> Thank you,
>
> John
>
> On 08/29/2014 11:02 AM, Y M wrote:
> >
> >> Date: Fri, 29 Aug 2014 10:39:06 -0700
> >> From: [email protected]
> >> To: [email protected]
> >> Subject: [Ntop-misc] PF_RING-DAQ module
> >>
> > I am trying to build a snort system on RHEL 6.5 and have been
> > having some issues. In reading the README.snort file, it mentions a
> > "Stable distributions of PF_RING-DAQ module" which was supposed to
> > be at http://www.snort.org/snort-downloads/external-daq/. However,
> > I believe it was lost in the snort.org redesign. Does anyone know
> > if it still exists and if so where it can be found?
> >> I am not sure where that link is now but it would eventually have
> >> led you to Ntop's sourceforge repo:
> >> http://sourceforge.net/projects/ntop/files/PF_RING/. From there
> >> you can download the source code for PF_RING. You can also opt in
> >> to download from SVN. If you are aiming for packages, you can
> >> find the repo here: http://www.nmon.net/packages/
> >> YM
> >
> > Thank you,
> >
> > John
> >
> >> _______________________________________________
> >> Ntop-misc mailing list
> >> [email protected]
> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> >
> --
> -------------------------------------------------------------------------
> John Ives
> Information Security & Policy                Phone (510) 229-8676
> University of California, Berkeley
> -------------------------------------------------------------------------
