[Bro] node.cfg multiple interface convention?
johanna at icir.org
Fri Sep 30 14:05:25 PDT 2016
no, the given node.cfg is not valid, you can only specify one interface
for a standalone node. The best solution would probably be to use 2
workers, one for each interface. There is a workaround that should still
work, where you give the interface as "wlan0 -i eth0", (see
https://bro-tracker.atlassian.net/browse/BIT-12), which I think still
works, but that might break anytime.
On Thu, Sep 29, 2016 at 12:10:38PM -0700, Chris Harwood wrote:
> Hi all,
> One of my installations runs on an old linux laptop monitoring wifi traffic
> exclusively in standalone.
> I'm wondering what the convention is for node.cfg to add monitoring to the
> wired interface as well.
> The use case is, the system is taken off the wifi and restarted at a second
> location for monitoring a wired connection.
> Is the following node.cfg valid?
> Or is a better configuration to use 2 workers, one for each interface?
> Thanks in advance,
> Bro mailing list
> bro at bro-ids.org
More information about the Bro