[Bro] Multiple interfaces on 2.2-beta-4

Justin Azoff JAzoff at albany.edu
Thu Sep 26 19:37:53 PDT 2013


On Thu, Sep 26, 2013 at 10:27:29PM -0400, Seth Hall wrote:
> I guess I don't really know what to say, sniffing multiple interfaces was never something we actually supported when you run Bro with broctl and we continue not to support it.  Generally we recommend merging multiple streams of traffic upstream of where Bro receives the packets.

What about with something like:

[worker-1]
type=worker
host=localhost
interface=eth0

[worker-2]
type=worker
host=localhost
interface=eth1

as long as those aren't half streams from a tap, that should work,
right?

-- 
-- Justin Azoff
-- Network Security & Performance Analyst



More information about the Bro mailing list