[Bro] Multiple Capture Interfaces

[Seth Hall]

On Jun 11, 2010, at 10:54 AM, William Jones wrote:

> It easy to miss sense it’s an undocumented feature J

Unfortunately, the reason it's undocumented is because (while it does work) it's not a recommended solution because it breaks several other features in broctl.

Better ways to accomplish the same thing are to..
1. Bridge your interfaces together in your operating system to present a single interface to Bro.
2. Run Bro as a cluster where each worker node runs on the same box but sniff different interfaces.

  .Seth