[Bro] Multiple Capture Interfaces
Alan J. Meeks
alan.meeks at angelo.edu
Fri Jun 11 07:04:33 PDT 2010
Thank you. I had somehow missed that I could pass multiple interface arguments to broctl through the interface line in node.cfg that way. I've modified the interface line and bro is now capturing on all four interfaces simultaneously.
From: William Jones [mailto:jones at tacc.utexas.edu]
Sent: Thursday, June 10, 2010 5:10 PM
To: Alan J. Meeks; 'bro at ICSI.Berkeley.EDU'
Subject: RE: Multiple Capture Interfaces
I run taps too and the use the following config perwork:
interface=eth4.3021 -i eth5.3021
The aux_scripts set up a filter so that worker only sees a portion of the ips space, in my cases ¼ per work per tap.
From: bro-bounces at ICSI.Berkeley.EDU [mailto:bro-bounces at ICSI.Berkeley.EDU] On Behalf Of Alan J. Meeks
Sent: Thursday, June 10, 2010 3:17 PM
To: 'bro at ICSI.Berkeley.EDU'
Subject: [Bro] Multiple Capture Interfaces
I am a new user of Bro. I've installed ver 1.5.1 and I can run just fine with a single interface (whichever one is specified in node.cfg) but I can't seem to get other capture interfaces running. I am set up with 4 ethernet interfaces, three of which are taps to different locations within my network and one to the local subnet where the server is located.
What additional information can I provide that might help identify the issue?
Information Security Analyst
Angelo State University
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro