Jose, for using zc you need to use device “zc:eth4”. I am not sure you need the cluster parameter.

Luca

> On 27 Apr 2015, at 11:36, Jose Vila <[email protected]> wrote:
>
> Hello,
>
> I've installed PF_RING from the ntop repository, and compiled snort + daq +
> pfring daq from source, but have problems to run snort ...
>
> I can run zcount and it gives good statistics on traffic rate:
>
> # zcount -i eth4 -c 99
> =========================
> Absolute Stats: 120'907 pkts (0 drops) - 89'395'069 bytes
> =========================
>
> =========================
> Absolute Stats: 249'119 pkts (0 drops) - 185'193'671 bytes
> Actual Stats: 128'178.92 pps (0.00 drops) - 0.77 Gbps
> =========================
>
> =========================
> Absolute Stats: 328'063 pkts (0 drops) - 243'939'955 bytes
> Actual Stats: 127'437.35 pps (0.00 drops) - 0.76 Gbps
> =========================
> [ ... ]
>
> But Snort execution fails (same error with pfring and pfring_zc daq):
>
> # /usr/local/snort/bin/snort --daq-dir /usr/local/lib/daq/ --daq pfring_zc --daq-var clusterid=99 -i eth4 -v -e
> Running in packet dump mode
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> pfring_zc DAQ configured to passive.
> ERROR: Can't initialize DAQ pfring_zc (-1) -
> Fatal Error, Quitting..
>
> If I list the loaded daqs both pfring and pfring_zc exist:
>
> # /usr/local/snort/bin/snort --daq-dir /usr/local/lib/daq/ --daq-list
> Available DAQ modules:
> pfring(v1): live inline multi unpriv
> pfring_zc(v10): live inline multi unpriv
> pcap(v3): readback live multi unpriv
> ipfw(v3): live inline multi unpriv
> dump(v2): readback live inline multi unpriv
> afpacket(v5): live inline multi unpriv
>
> The NIC is a 10g intel nic with ixgbe driver. Hugepages are correctly
> configured.
>
> Am I missing something here?
>
> Thank you very much.
>
> FYI, installed packages:
>
> # yum list installed | grep ntop
> e1000e-zc.noarch                3.0.4.1-1dkms   @ntop-noarch
> igb-zc.noarch                   5.2.5-1dkms     @ntop-noarch
> ixgbe-zc.noarch                 3.22.3-1dkms    @ntop-noarch
> pfring.x86_64                   6.0.3-8637      @ntop
> pfring-dkms.noarch              6.0.3-dkms      @ntop-noarch
> pfring-drivers-zc-dkms.noarch   1.0-0           @ntop-noarch
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
