HiAlberto,
you said:
>> zbalance_ipc, it creates virtual interfaces/queues named <cluster
id>@<queue>
you can open in snort/suricata,
You meant
./zbalance_ipc -i eth0 -c 99 -n 1 -m 2(generate aqueue)
And then listen on suricata, correct ?
suricata -c /usr/local/etc/suricata/suricata.yaml
--pfring-int="zc:99@0" --pfring-cluster-id=99
--pfring-cluster-type=cluster_flow --runmode=autofp
Or any other client:
./pfcount -i zc:99@0
./zcount -i zc:99@0 -c 1
Why does zcount needs to create another cluster ?
Shouldn't it just count packets out from an existing cluster (in this
case 99) ?
Thanks,
Pedro
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
