[Bro] Weird stuff in weird.log?
pfranzel at t-online.de
Sun Apr 21 03:23:20 PDT 2013
I am experiencing the same problem in the weird.log here, using one
interface defined for the WAN and one for the LAN traffic (in between there
is a firewall and a load balancer with SSL offload).
I am using the following node configuration:
[worker-1] --> WAN Connection
[worker-2] --> LAN Connection
[worker-3] --> dedicated line between two DCs
Question: What should I meaningfully do to get rid of this?
--> Running one bro cluster/instance for each interface?
--> Or is there a way to do it by another configuration change?
On 21.04.2013 11:05, Vern Paxson wrote:
>> I suspect that it is due to the fact that I am spanning
>> multiple VLANs that Bro sees, with traffic both before and after
>> loadbalancers and NATs etc. so it kind-of sees the whole chain of packets
>> from outside the firewall, before / after loadbalancer behind firewall
>> and finally the traffic behind the loadbalancers/firewalls...would that
>> in some way explain the weird.log stuff shown here?
> That for sure would explain these sorts of "weird" messages, since they
> all relate to Bro reporting that it's not seeing a single consistent
> picture of (bidirectional) network flows.