Hello,
I've installed PF_RING from the ntop repository, and compiled Snort + DAQ +
pfring DAQ from source, but I have problems running Snort ...
I can run zcount and it gives good statistics on traffic rate:
# zcount -i eth4 -c 99
=========================
Absolute Stats: 120'907 pkts (0 drops) - 89'395'069 bytes
=========================
=========================
Absolute Stats: 249'119 pkts (0 drops) - 185'193'671 bytes
Actual Stats: 128'178.92 pps (0.00 drops) - 0.77 Gbps
=========================
=========================
Absolute Stats: 328'063 pkts (0 drops) - 243'939'955 bytes
Actual Stats: 127'437.35 pps (0.00 drops) - 0.76 Gbps
=========================
[ ... ]
But Snort execution fails (same error with pfring and pfring_zc daq):
# /usr/local/snort/bin/snort --daq-dir /usr/local/lib/daq/ --daq pfring_zc --daq-var clusterid=99 -i eth4 -v -e
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
pfring_zc DAQ configured to passive.
ERROR: Can't initialize DAQ pfring_zc (-1) -
Fatal Error, Quitting..
If I list the loaded daqs both pfring and pfring_zc exist:
# /usr/local/snort/bin/snort --daq-dir /usr/local/lib/daq/ --daq-list
Available DAQ modules:
pfring(v1): live inline multi unpriv
pfring_zc(v10): live inline multi unpriv
pcap(v3): readback live multi unpriv
ipfw(v3): live inline multi unpriv
dump(v2): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv
The NIC is a 10G Intel NIC with the ixgbe driver. Hugepages are correctly
configured.
Am I missing something here?
Thank you very much.
FYI, installed packages:
# yum list installed | grep ntop
e1000e-zc.noarch 3.0.4.1-1dkms @ntop-noarch
igb-zc.noarch 5.2.5-1dkms @ntop-noarch
ixgbe-zc.noarch 3.22.3-1dkms @ntop-noarch
pfring.x86_64 6.0.3-8637 @ntop
pfring-dkms.noarch 6.0.3-dkms @ntop-noarch
pfring-drivers-zc-dkms.noarch 1.0-0 @ntop-noarch
_______________________________________________
Ntop-misc mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop-misc