I am setting up some IDS tools to work with pf_ring in ZC-mode. So far my testing has shown that 2 queues is sufficient for the traffic I'm seeing.
Setting e.g. Suricata to use these two queues seems to bind them to Suricata, meaning that other programs, e.g. Argus, cannot listen to the same data. Lets say I have 4 tools that I want to listen to the same traffic. How do I setup pf_ring ZC to support this? Or, if this is not possible, Could I set up some tools to use ZC and some to use vanilla pf_ring, reserving ZC for the most resource intensive tools? Lars
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
