John;

It sounds like you're stuck following data center OS guidelines.  InfoSec
OS needs have long since forked from what production data center servers
need.  While they are stuck with legacy software that is strictly managed
on commercial Linux/Unix products according to a very restricted release
and change schedule, InfoSec products appear to be driven by the fast
moving, open source world and are primarily footed in the Debian Linux
family.  Today, I find very few products made by security researchers that
require RedHat/CentOS, but I do find many that are built and packaged on
Ubuntu (even though I personally prefer original Debian for my servers).

I recommend you bring that to the discussion.


On Wed, Sep 3, 2014 at 1:22 PM, John Ives <[email protected]>
wrote:

> Unfortunately, it probably will be a requirement, though if I don't
> get any traction soon, I may have to open the discussion back up.
>
> John
>
>
> On 9/3/14 10:08 AM, Doug Burks wrote:
> > Hi John,
> >
> > Is RHEL a requirement?  If not, we have Ubuntu packages for the
> > latest versions of PF_RING, Snort, DAQ, etc.:
> >
> > http://blog.securityonion.net/2014/08/new-pfring-snort-suricata-bro-packages.html
> >
> > On Wed, Sep 3, 2014 at 12:15 PM, John Ives
> > <[email protected]> wrote:
> >
> > Thanks for the information. It seems odd that the link would have
> > led me to the PF_RING source code as it was the README.snort file
> > in the source code that told me to go to the snort page to get a
> > stable version of the "PF_RING-DAQ Module."
> >
> > Having said that, has anyone seen a good information source on how
> > to compile the latest snort/DAQ with the latest (stable 6.0.1 or
> > devel 6.0.2) PF_RING (pref using ZC) on RHEL/CENTOS 6.5? All of the
> > cookbook sort of docs I have found are written for older versions
> > and don't include ZC related advances. Additionally, most of them
> > seem to have minor issues that cause them not to translate to
> > PF_RING 6.0.X.
> >
> > Ultimately, I am trying to build out several systems, each
> > with multiple snort instances running across multiple cores
> > monitoring around 3-4Gbps of traffic per system. This seems like a
> > good scenario for PF_RING, but figuring it out on my own is
> > progressing slowly and my google fu doesn't seem to be cutting it.
> >
> > Thank you,
> >
> > John
> >
> > On 08/29/2014 11:02 AM, Y M wrote:
> >>>>
> >>>>
> >>>>> Date: Fri, 29 Aug 2014 10:39:06 -0700
> >>>>> From: [email protected]
> >>>>> To: [email protected]
> >>>>> Subject: [Ntop-misc] PF_RING-DAQ module
> >>>>>
> >>>> I am trying to build a snort system on RHEL 6.5 and have
> >>>> been having some issues. In reading the README.snort file, it
> >>>> mentions a "Stable distributions of PF_RING-DAQ module" which
> >>>> was supposed to be at
> >>>> http://www.snort.org/snort-downloads/external-daq/. However,
> >>>> I believe it was lost in the snort.org redesign. Does anyone
> >>>> know if it still exists and if so where it can be found,
> >>>>> I am not sure where that link is now but it would
> >>>>> eventually have led you to Ntop's sourceforge repo:
> >>>>> http://sourceforge.net/projects/ntop/files/PF_RING/. From
> >>>>> there you can download the source code for PF_RING. You can
> >>>>> also opt in to download from SVN. If you are aiming for
> >>>>> packages, you can find the repo here:
> >>>>> http://www.nmon.net/packages/
> >>>>>
> >>>>> YM
> >>>>
> >>>> Thank you,
> >>>>
> >>>> John
> >>>>
> >>>>> _______________________________________________ Ntop-misc
> >>>>> mailing list [email protected]
> >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> >>>>
>
> --
> -------------------------------------------------------------------------
> John Ives
> Information Security & Policy                       Phone (510) 229-8676
> University of California, Berkeley
> -------------------------------------------------------------------------
>