You should use pfcount or zcount_ipc for that, zcount creates a cluster because it is meant to capture from an interface (not to attach to an existing cluster queue) thus it creates a cluster for memory allocation.
Alfredo > On 07 Sep 2015, at 13:00, pmneveshi5 <[email protected]> wrote: > > Hi Alberto, > > you said: > > >> zbalance_ipc, it creates virtual interfaces/queues named <cluster > >> id>@<queue> > >> you can open in snort/suricata, > > You meant > ./zbalance_ipc -i eth0 -c 99 -n 1 -m 2 (generate a queue) > > And then listen on suricata, correct ? > suricata -c /usr/local/etc/suricata/suricata.yaml --pfring-int="zc:99@0" > --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow --runmode=autofp > > > Or any other client: > ./pfcount -i zc:99@0 > ./zcount -i zc:99@0 -c 1 > > > Why does zcount needs to create another cluster ? > Shouldn't it just count packets out from an existing cluster (in this case > 99) ? > > Thanks, > > Pedro > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
