Yes, correct. Alfredo
> On 08 Mar 2015, at 21:10, Jim Hranicky <[email protected]> wrote: > > Ok, so I want to be able to run 12 snorts but still capture > all the traffic with tcpdump. Should I be doing this? > > ./zbalance_ipc -i zc:enp4s0 -m 1 -n 12,1 -c 44 -g 0:11 > > ? > > I get this output: > > Application 0 > pfcount -i zc:44@0 > pfcount -i zc:44@1 > pfcount -i zc:44@2 > pfcount -i zc:44@3 > pfcount -i zc:44@4 > pfcount -i zc:44@5 > pfcount -i zc:44@6 > pfcount -i zc:44@7 > pfcount -i zc:44@8 > pfcount -i zc:44@9 > pfcount -i zc:44@10 > pfcount -i zc:44@11 > Application 1 > pfcount -i zc:44@12 > > Snort runs like this (12 total): > > /opt/pf/bin/snort -D -i zc:44@0 --daq-dir=/opt/pf/lib/daq \ > --daq-var clusterid=44 --daq-var bindcpu=6 --daq pfring_zc \ > -c /etc/snort/snort.conf -l /var/log/snort1 -R 1 > > and I can then capture packets with > > /opt/pf/sbin/tcpdump -i zc:44@12 -Xnns0 -w /tmp/all.cap > > It all seems to work - does this all look right? > > Thanks, and sorry for spamming the list so much. > > -- > Jim Hranicky > Data Security Specialist > UF Information Technology > Information Security Office > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
