[Bro] ERSPAN & Missing Logs
kir215 at email.vccs.edu
Tue Jun 27 13:30:45 PDT 2017
I am attempting to monitor a Cisco CSR1000v within AWS via ERSPAN. Through
my research, I am running Bro version 2.5-147 on an AWS Linux AMI and have
uploaded a pcap containing ERSPAN data which I have been able to read;
however, the only log files that are being created from Bro/live traffic
are the following:
As a test, I have used tcpdump to capture packets on the configured
interface (mon0), which sees plenty of traffic; however, I still cannot see
the corresponding logs from Bro.
Any help would be greatly appreciated!!