[Snort-users] listing daq-vars and confirming the cluster type of pfring

Charlie Dyer charlierwdyer at ...11827...
Fri May 12 09:25:39 EDT 2017


Hello list

Could someone tell me if there is a way of listing all the variables you
can pass to the daq-vars option?
I've tried looking in various header files but can't find anything.
The reason I ask is to confirm what type of clustering pf_ring is using and
whether you can tell it to use one type or the other. As I understand it
from reading the pfring code, the type is either round-robin (the default)
or flow-5-tuple, how can I tell snort/pfring/daq to use flow-5-tuple?
It would be good to understand what all the daq-var variable are and what
they do/how they affect snort.

Many thanks in advance

Charles



More information about the Snort-users mailing list