[Bro] [EXTERNAL] Re: Multiple interfaces on 2.2-beta-4
Thomas, Eric D
edthoma at sandia.gov
Fri Sep 27 06:55:21 PDT 2013
Thanks all for the replies. I'll try them all, starting with the easiest.
For the record, the interfaces are both half streams, so I don't think the
cluster method will work.
--
Eric Thomas
edthoma at sandia.gov
On 9/26/13 7:37 PM, "Justin Azoff" <JAzoff at albany.edu> wrote:
>On Thu, Sep 26, 2013 at 10:27:29PM -0400, Seth Hall wrote:
>> I guess I don't really know what to say, sniffing multiple interfaces
>>was never something we actually supported when you run Bro with broctl
>>and we continue not to support it. Generally we recommend merging
>>multiple streams of traffic upstream of where Bro receives the packets.
>
>What about with something like:
>
>[worker-1]
>type=worker
>host=localhost
>interface=eth0
>
>[worker-2]
>type=worker
>host=localhost
>interface=eth1
>
>as long as those aren't half streams from a tap, that should work,
>right?
>
>--
>-- Justin Azoff
>-- Network Security & Performance Analyst
More information about the Bro
mailing list