[Bro] node.cfg multiple interface convention?
Chris Harwood
crharwood at gmail.com
Thu Sep 29 12:10:38 PDT 2016
Hi all,
One of my installations runs on an old linux laptop monitoring wifi traffic
exclusively in standalone.
I'm wondering what the convention is for node.cfg to add monitoring to the
wired interface as well.
The use case is, the system is taken off the wifi and restarted at a second
location for monitoring a wired connection.
Is the following node.cfg valid?
[bro]
type=standalone
host=localhost
interface=wlan0
interface=eth0
Or is a better configuration to use 2 workers, one for each interface?
Thanks in advance,
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160929/5672e43a/attachment.html
More information about the Bro
mailing list