[Bro] Identifying interface when running with multiple interfaces
James Lay
jlay at slave-tothe-box.net
Fri Jul 25 16:42:15 PDT 2014
Hey all,
So I run bro with:
/usr/local/bin/bro --no-checksums -i eth0 -i ppp0 local
"Site::local_nets += { x.x.x.x/32,192.168.1.0/24 }" &
Is there something I can do to add a field that would let me know which
interface the traffic came in on? Obviously in this example it's pretty
simple...private IP space will be on eth0 whereas public will be on
ppp0. I am thinking of scenarios where there might be the same IP space
on several interfaces. Thanks for any guidance.
James
More information about the Bro
mailing list