Hi Jose please update the code from svn (we improved error reporting), and re-run your command using “zc:eth4” as Luca said.
Alfredo > On 27 Apr 2015, at 11:41, Luca Deri <[email protected]> wrote: > > Jose, > for using zc you need to use device “zc:eth4”. I am not sure you need the > cluster parameter > > Luca > > >> On 27 Apr 2015, at 11:36, Jose Vila <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hello, >> >> I've installed PF_RING from the ntop repository, and compiled snort + daq + >> pfring daq from source, but have problems to run snort ... >> >> I can run zcount and it gives good statistics on traffic rate: >> >> # zcount -i eth4 -c 99 >> ========================= >> Absolute Stats: 120'907 pkts (0 drops) - 89'395'069 bytes >> ========================= >> >> ========================= >> Absolute Stats: 249'119 pkts (0 drops) - 185'193'671 bytes >> Actual Stats: 128'178.92 pps (0.00 drops) - 0.77 Gbps >> ========================= >> >> ========================= >> Absolute Stats: 328'063 pkts (0 drops) - 243'939'955 bytes >> Actual Stats: 127'437.35 pps (0.00 drops) - 0.76 Gbps >> ========================= >> [ ... ] >> >> But Snort execution fails (same error with pfring and pfring_zc daq): >> >> # /usr/local/snort/bin/snort --daq-dir /usr/local/lib/daq/ --daq pfring_zc >> --daq-var clusterid=99 -i eth4 -v -e >> Running in packet dump mode >> >> --== Initializing Snort ==-- >> Initializing Output Plugins! >> pfring_zc DAQ configured to passive. >> ERROR: Can't initialize DAQ pfring_zc (-1) - >> Fatal Error, Quitting.. >> >> If I list the loaded daqs both pfring and pfring_zc exist: >> >> # /usr/local/snort/bin/snort --daq-dir /usr/local/lib/daq/ --daq-list >> Available DAQ modules: >> pfring(v1): live inline multi unpriv >> pfring_zc(v10): live inline multi unpriv >> pcap(v3): readback live multi unpriv >> ipfw(v3): live inline multi unpriv >> dump(v2): readback live inline multi unpriv >> afpacket(v5): live inline multi unpriv >> >> The NIC is a 10g intel nic with ixgbe driver. Hugepages are correctly >> configured. >> >> Am i missing something here? >> >> Thank you very much. >> >> FYI, installed packages: >> >> # yum list installed | grep ntop >> e1000e-zc.noarch 3.0.4.1-1dkms @ntop-noarch >> igb-zc.noarch 5.2.5-1dkms @ntop-noarch >> ixgbe-zc.noarch 3.22.3-1dkms @ntop-noarch >> pfring.x86_64 6.0.3-8637 @ntop >> pfring-dkms.noarch 6.0.3-dkms @ntop-noarch >> pfring-drivers-zc-dkms.noarch 1.0-0 @ntop-noarch >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
