[Bro] Multiple Capture Interfaces

William Jones jones at tacc.utexas.edu
Thu Jun 10 15:10:26 PDT 2010


I run taps too and the use the following config perwork:

[worker-4]
#NLR
type=worker
host=homey1.tacc.utexas.edu
interface=eth4.3021 -i eth5.3021
aux_scripts=q1

The aux_scripts set up a filter so that worker only sees a portion of the ips space, in my cases ¼ per work per tap.

Bill Jones

From: bro-bounces at ICSI.Berkeley.EDU [mailto:bro-bounces at ICSI.Berkeley.EDU] On Behalf Of Alan J. Meeks
Sent: Thursday, June 10, 2010 3:17 PM
To: 'bro at ICSI.Berkeley.EDU'
Subject: [Bro] Multiple Capture Interfaces

I am a new user of Bro.  I've installed ver 1.5.1 and I can run just fine with a single interface (whichever one is specified in node.cfg) but I can't seem to get other capture interfaces running.   I am set up with 4 ethernet interfaces, three of which are taps to different locations within my network and one to the local subnet where the server is located.

What additional information can I provide that might help identify the issue?


Alan Meeks
Information Security Analyst
Angelo State University
www.angelo.edu
325-942-2333 phone
325-942-2109 fax

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100610/d4c926ba/attachment.html 


More information about the Bro mailing list