Hi Jim
it seems that Zeek has not been linked against the pf_ring aware libpcap:
Could you double check with:
ldd /usr/local/bro/bin/bro | grep pcap
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x00007fa371e33000)
As explained in this guide?
http://www.ntop.org/guides/pf_ring/thirdparty/bro.html
<http://www.ntop.org/guides/pf_ring/thirdparty/bro.html>
Alfredo
> On 14 Mar 2019, at 02:46, Jim Hranicky <[email protected]> wrote:
>
> Today I upgraded from zeek-2.6-beta2 and pf_ring 7.3.0
>
> PF_RING 7.3.0 ($Revision: dev:c85efbc90d5abb7ef471be17cf9192b88a842ac4$)
>
> to zeek 2.6.1 and the latest pf_ring from git
>
> PF_RING 7.5.0 ($Revision: dev:342b85fe63a2f0cdd70cd16fefebe99e6a8657af$)
>
> My interfaces were configured like so to work with zbalance_ipc :
>
> [worker-1]
> type=worker
> host=localhost
> interface=zc:99@0
> lb_method=pf_ring
> lb_procs=1
>
> [worker-2]
> type=worker
> host=localhost
> interface=zc:99@2
> lb_method=pf_ring
> lb_procs=1
>
> etc.
>
> When I start up zeek/bro, all the workers crash with
>
> fatal error: problem with interface zc:99@0@0 (pcap_error: SIOCGIFHWADDR: No
> such device (pcap_activate))
>
> Anyone know what I need to tweak to get this to work?
>
> Thanks,
>
> --
> Jim Hranicky
> Data Security Specialist
> UF Information Technology
> 720 SW 2nd Avenue Suite 450, North Tower, Gainesville, FL 32605
> 352-273-1341
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
