Please note there is a bug in Bro 2.1 when monitoring multiple interfaces with PF_RING that results in traffic loss. If you're monitoring multiple interfaces, we'll configure Bro to disable PF_RING load balancing to avoid this issue. We'll record your desired number of PF_RING CPU cores for when Bro 2.2 is released.
This resolves the following issue:Issue 317: Setup should disable Bro's PF_RING load balancing config when monitoring multiple NICs
The new package has been tested by Matt Gregory. Thanks, Matt!
If you're performing a new installation, it's important to update your packages right after you've completed the Ubuntu installer and BEFORE running Setup. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
If you have any questions or problems, please use our mailing list:
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!