[Bro] node.cfg multiple interface convention?
Johanna Amann
johanna at icir.org
Fri Sep 30 14:05:25 PDT 2016

Hello Chris,

no, the given node.cfg is not valid, you can only specify one interface
for a standalone node. The best solution would probably be to use 2
workers, one for each interface. There is a workaround that should still
work, where you give the interface as "wlan0 -i eth0", (see
https://bro-tracker.atlassian.net/browse/BIT-12), which I think still
works, but that might break anytime.

Johanna

On Thu, Sep 29, 2016 at 12:10:38PM -0700, Chris Harwood wrote:
> Hi all,
>
> One of my installations runs on an old Linux laptop monitoring wifi traffic
> exclusively in standalone.
>
> I'm wondering what the convention is for node.cfg to add monitoring to the
> wired interface as well.
>
> The use case is, the system is taken off the wifi and restarted at a second
> location for monitoring a wired connection.
>
> Is the following node.cfg valid?
>
> [bro]
> type=standalone
> host=localhost
> interface=wlan0
> interface=eth0
>
> Or is a better configuration to use 2 workers, one for each interface?
>
> Thanks in advance,
>
> Chris
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
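
Added example, not part of the original thread and not BroControl's own code: a small Python check that rejects the node.cfg from the question (the same key set twice in one section), flags the "wlan0 -i eth0" workaround, and accepts a two-worker layout. The function name `lint_node_cfg`, the section names, and the manager and proxy sections that a worker-based layout needs are assumptions made for illustration.

```python
import configparser

# Constructed sample: the node.cfg from the question (interface set twice).
ASKED = """
[bro]
type=standalone
host=localhost
interface=wlan0
interface=eth0
"""

# Constructed sample: a two-worker layout; section names are illustrative.
TWO_WORKERS = """
[manager]
type=manager
host=localhost

[proxy-1]
type=proxy
host=localhost

[worker-1]
type=worker
host=localhost
interface=wlan0

[worker-2]
type=worker
host=localhost
interface=eth0
"""

def lint_node_cfg(text):
    """Return a list of problems found in node.cfg text (empty if none)."""
    parser = configparser.ConfigParser(strict=True, interpolation=None)
    try:
        parser.read_string(text)
    except configparser.DuplicateOptionError as err:
        return [f"[{err.section}] sets '{err.option}' more than once"]
    problems = []
    for name in parser.sections():
        iface = parser[name].get("interface", "")
        # The "wlan0 -i eth0" workaround puts extra arguments into the value.
        if len(iface.split()) > 1:
            problems.append(f"[{name}] interface '{iface}' is not a single name")
    return problems

if __name__ == "__main__":
    print(lint_node_cfg(ASKED), lint_node_cfg(TWO_WORKERS))
```

Running such a check before deploying a changed node.cfg catches a sensor that would otherwise come up watching only one of the two links.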