Emanuele,
Thanks for the response. I didn't realize there was a pfring service
installed from the ntop repo package as well. I'm running into an issue
with pfring during the compilation of Bro IDS. Bro runs into a libpcap
compile issue even if I specify the path to: /usr/local/lib to use
libpcap.so.1 v1.7.4. If I remove the pf_ring package installed from the
ntop repos, the issue goes away completely. Any ideas there?
I also see that after I install pfring from the repos, I encounter these
errors in the pf_ring.service:
? pf_ring.service - LSB: Start/stop pf_ring
Loaded: loaded (/etc/rc.d/init.d/pf_ring; bad; vendor preset: disabled)
Active: active (exited) since Fri 2017-02-24 17:25:16 EST; 5 days ago
Docs: man:systemd-sysv-generator(8)
Process: 2322 ExecStart=/etc/rc.d/init.d/pf_ring start (code=exited,
status=0/SUCCESS)
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: Starting PF_RING module:
cat: /etc/pf_ring/pf_ring.conf: No such file or directory
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: modprobe: FATAL: Module
pf_ring not found.
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: PF_RING not enabled:
please touch /etc/pf_ring/pf_ring.start
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: [ OK ]
I couldn't locate any pf_ring.start example file so I'm not sure what
parameters would go there.
Thanks for the assist!
On Thu, Mar 2, 2017 at 6:00 AM, <ntop-misc-request@listgateway.unipi.it>
wrote:
> Send Ntop-misc mailing list submissions to
> ntop-misc@listgateway.unipi.it
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> or, via email, send a message with subject or body 'help' to
> ntop-misc-request@listgateway.unipi.it
>
> You can reach the person managing the list at
> ntop-misc-owner@listgateway.unipi.it
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Ntop-misc digest..."
>
>
> Today's Topics:
>
> 1. Question on using pf_ring from ntop CentOS repo (Espresso Beanies)
> 2. Second question on pfring libpcap.so.1 file (Espresso Beanies)
> 3. Re: Question on using pf_ring from ntop CentOS repo
> (Emanuele Faranda)
> 4. Re: Second question on pfring libpcap.so.1 file (Emanuele Faranda)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 1 Mar 2017 14:17:00 -0500
> From: Espresso Beanies <espressobeanies@gmail.com>
> To: ntop-misc@listgateway.unipi.it
> Subject: [Ntop-misc] Question on using pf_ring from ntop CentOS repo
> Message-ID:
> <CAOeD168+fO+9g-LJZnXXSZtyqTfSe9JxuaLPbe9Bk+nvCMS7=
> w@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> I added the ntop repo to my CentOS 7 machine and installed the pfring
> package. I ran into an issue where I realized that although I installed the
> package, it did not compile and load the pfring module needed by my system
> (pf_ring.ko). Under the /usr/src directory, I was able to compile and add
> it to modprobe. Do I have to do this every time there's an update to the
> pfring package and how would I make this module persistent across reboots?
>
> Thanks in advance,
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170301/cc3acbe4/attachment-0001.htm>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 1 Mar 2017 14:20:33 -0500
> From: Espresso Beanies <espressobeanies@gmail.com>
> To: ntop-misc@listgateway.unipi.it
> Subject: [Ntop-misc] Second question on pfring libpcap.so.1 file
> Message-ID:
> <CAOeD16-YT5MfyidUQNgV+EXvLaHp7GOyT3TQb5KKpoBoqJfRtQ@
> mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> I sent that other message prematurely. Just one other question. Even after
> I installed the pf_ring package from the ntop.org CentOS repo, I'm not
> seeing a separate libpcap.so.1 file exclusive to pfring. Does one get
> created automatically? I'm trying to set up pfring with Bro IDS.
>
> Thanks in advance!
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170301/0bc4cfdc/attachment-0001.htm>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 2 Mar 2017 10:49:16 +0100
> From: Emanuele Faranda <faranda@ntop.org>
> To: ntop-misc@listgateway.unipi.it
> Subject: Re: [Ntop-misc] Question on using pf_ring from ntop CentOS
> repo
> Message-ID: <bc886fac-70e3-be4c-a953-ae4709b99787@ntop.org>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
>
> Hi,
>
> You don't need to manually compile the module. It will be automatically
> rebuilt from /usr/src by DKMS when needed. Starting ntopng with "service
> ntopng start" command will start PF_RING too.
>
> Regards,
> Emanuele
>
>
> On 03/01/2017 08:17 PM, Espresso Beanies wrote:
> > Hi,
> >
> > I added the ntop repo to my CentOS 7 machine and installed the pfring
> > package. I ran into an issue where I realized that although I
> > installed the package, it did not compile and load the pfring module
> > needed by my system (pf_ring.ko). Under the /usr/src directory, I was
> > able to compile and add it to modprobe. Do I have to do this every
> > time there's an update to the pfring package and how would I make this
> > module persistent across reboots?
> >
> > Thanks in advance,
> >
> >
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170302/b2ee45c3/attachment-0001.htm>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 2 Mar 2017 10:58:48 +0100
> From: Emanuele Faranda <faranda@ntop.org>
> To: ntop-misc@listgateway.unipi.it
> Subject: Re: [Ntop-misc] Second question on pfring libpcap.so.1 file
> Message-ID: <0afacd81-bc48-00b1-3759-5649245eaaaf@ntop.org>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
>
> Hi,
>
> In the Centos 7 release of PF_RING the libpcap library is located at
> these paths:
>
> /usr/local/lib/libpcap.so.1
>
> /usr/local/lib/libpcap.a
>
> Regards,
> Emanuele
>
>
> On 03/01/2017 08:20 PM, Espresso Beanies wrote:
> > Hi,
> >
> > I sent that other message prematurely. Just one other question. Even
> > after I installed the pf_ring package from the ntop.org
> > <http://ntop.org> CentOS repo, I'm not seeing a separate libpcap.so.1
> > file exclusive to pfring. Does one get created automatically? I'm
> > trying to set up pfring with Bro IDS.
> >
> > Thanks in advance!
> >
> >
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170302/64077bcc/attachment-0001.htm>
>
> ------------------------------
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> End of Ntop-misc Digest, Vol 153, Issue 1
> *****************************************
>
Thanks for the response. I didn't realize there was a pfring service
installed from the ntop repo package as well. I'm running into an issue
with pfring during the compilation of Bro IDS. Bro runs into a libpcap
compile issue even if I specify the path to: /usr/local/lib to use
libpcap.so.1 v1.7.4. If I remove the pf_ring package installed from the
ntop repos, the issue goes away completely. Any ideas there?
I also see that after I install pfring from the repos, I encounter these
errors in the pf_ring.service:
? pf_ring.service - LSB: Start/stop pf_ring
Loaded: loaded (/etc/rc.d/init.d/pf_ring; bad; vendor preset: disabled)
Active: active (exited) since Fri 2017-02-24 17:25:16 EST; 5 days ago
Docs: man:systemd-sysv-generator(8)
Process: 2322 ExecStart=/etc/rc.d/init.d/pf_ring start (code=exited,
status=0/SUCCESS)
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: Starting PF_RING module:
cat: /etc/pf_ring/pf_ring.conf: No such file or directory
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: modprobe: FATAL: Module
pf_ring not found.
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: PF_RING not enabled:
please touch /etc/pf_ring/pf_ring.start
Feb 24 17:25:16 <machine_hostname> pf_ring[2320]: [ OK ]
I couldn't locate any pf_ring.start example file so I'm not sure what
parameters would go there.
Thanks for the assist!
On Thu, Mar 2, 2017 at 6:00 AM, <ntop-misc-request@listgateway.unipi.it>
wrote:
> Send Ntop-misc mailing list submissions to
> ntop-misc@listgateway.unipi.it
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> or, via email, send a message with subject or body 'help' to
> ntop-misc-request@listgateway.unipi.it
>
> You can reach the person managing the list at
> ntop-misc-owner@listgateway.unipi.it
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Ntop-misc digest..."
>
>
> Today's Topics:
>
> 1. Question on using pf_ring from ntop CentOS repo (Espresso Beanies)
> 2. Second question on pfring libpcap.so.1 file (Espresso Beanies)
> 3. Re: Question on using pf_ring from ntop CentOS repo
> (Emanuele Faranda)
> 4. Re: Second question on pfring libpcap.so.1 file (Emanuele Faranda)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 1 Mar 2017 14:17:00 -0500
> From: Espresso Beanies <espressobeanies@gmail.com>
> To: ntop-misc@listgateway.unipi.it
> Subject: [Ntop-misc] Question on using pf_ring from ntop CentOS repo
> Message-ID:
> <CAOeD168+fO+9g-LJZnXXSZtyqTfSe9JxuaLPbe9Bk+nvCMS7=
> w@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> I added the ntop repo to my CentOS 7 machine and installed the pfring
> package. I ran into an issue where I realized that although I installed the
> package, it did not compile and load the pfring module needed by my system
> (pf_ring.ko). Under the /usr/src directory, I was able to compile and add
> it to modprobe. Do I have to do this every time there's an update to the
> pfring package and how would I make this module persistent across reboots?
>
> Thanks in advance,
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170301/cc3acbe4/attachment-0001.htm>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 1 Mar 2017 14:20:33 -0500
> From: Espresso Beanies <espressobeanies@gmail.com>
> To: ntop-misc@listgateway.unipi.it
> Subject: [Ntop-misc] Second question on pfring libpcap.so.1 file
> Message-ID:
> <CAOeD16-YT5MfyidUQNgV+EXvLaHp7GOyT3TQb5KKpoBoqJfRtQ@
> mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> I sent that other message prematurely. Just one other question. Even after
> I installed the pf_ring package from the ntop.org CentOS repo, I'm not
> seeing a separate libpcap.so.1 file exclusive to pfring. Does one get
> created automatically? I'm trying to set up pfring with Bro IDS.
>
> Thanks in advance!
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170301/0bc4cfdc/attachment-0001.htm>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 2 Mar 2017 10:49:16 +0100
> From: Emanuele Faranda <faranda@ntop.org>
> To: ntop-misc@listgateway.unipi.it
> Subject: Re: [Ntop-misc] Question on using pf_ring from ntop CentOS
> repo
> Message-ID: <bc886fac-70e3-be4c-a953-ae4709b99787@ntop.org>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
>
> Hi,
>
> You don't need to manually compile the module. It will be automatically
> rebuilt from /usr/src by DKMS when needed. Starting ntopng with "service
> ntopng start" command will start PF_RING too.
>
> Regards,
> Emanuele
>
>
> On 03/01/2017 08:17 PM, Espresso Beanies wrote:
> > Hi,
> >
> > I added the ntop repo to my CentOS 7 machine and installed the pfring
> > package. I ran into an issue where I realized that although I
> > installed the package, it did not compile and load the pfring module
> > needed by my system (pf_ring.ko). Under the /usr/src directory, I was
> > able to compile and add it to modprobe. Do I have to do this every
> > time there's an update to the pfring package and how would I make this
> > module persistent across reboots?
> >
> > Thanks in advance,
> >
> >
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170302/b2ee45c3/attachment-0001.htm>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 2 Mar 2017 10:58:48 +0100
> From: Emanuele Faranda <faranda@ntop.org>
> To: ntop-misc@listgateway.unipi.it
> Subject: Re: [Ntop-misc] Second question on pfring libpcap.so.1 file
> Message-ID: <0afacd81-bc48-00b1-3759-5649245eaaaf@ntop.org>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
>
> Hi,
>
> In the Centos 7 release of PF_RING the libpcap library is located at
> these paths:
>
> /usr/local/lib/libpcap.so.1
>
> /usr/local/lib/libpcap.a
>
> Regards,
> Emanuele
>
>
> On 03/01/2017 08:20 PM, Espresso Beanies wrote:
> > Hi,
> >
> > I sent that other message prematurely. Just one other question. Even
> > after I installed the pf_ring package from the ntop.org
> > <http://ntop.org> CentOS repo, I'm not seeing a separate libpcap.so.1
> > file exclusive to pfring. Does one get created automatically? I'm
> > trying to set up pfring with Bro IDS.
> >
> > Thanks in advance!
> >
> >
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/
> attachments/20170302/64077bcc/attachment-0001.htm>
>
> ------------------------------
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> End of Ntop-misc Digest, Vol 153, Issue 1
> *****************************************
>