[Bro] Weird stuff in weird.log?
vern at icir.org
Sun Apr 21 02:05:49 PDT 2013
> I suspect that it is due to the fact that I am spanning
> multiple VLANs that Bro sees, with traffic both before and after
> loabalancers and NATs etc. so it kind-of sees the whole chain of packets
> from outside the firewall, before / after loadbalancer behind firewall
> and finally the traffic behind the loadbalancers/firewalls...would that
> in some way explain the weird.log stuff shown here?
That for sure would explain these sorts of "weird" messages, since they
all relate to Bro reporting that it's not seeing a single consistent
picture of (bidirectional) network flows.
More information about the Bro