[Bro] Tap configuration

Hosom, Stephen M hosom at battelle.org
Thu Jan 12 11:21:14 PST 2017


Have you looked into checksum offloading? If enabled, it can result in Bro not producing many of the logs you would expect.

From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Daniel Manzo
Sent: Thursday, January 12, 2017 11:05 AM
To: bro at bro.org
Subject: [Bro] Tap configuration

Hi all,

I have Bro 2.4 configured on a RHEL 6.8 server and was wondering how to properly configure the network interfaces so that Bro can see as much of the network traffic as possible. My tap is connected in line with the network, and I believe that I was previously seeing the correct traffic, but now Bro is reporting much less information. I want to make sure that I have the interfaces configured correctly before moving on to troubleshooting other areas. Currently, I have two eth interfaces set up in PROMISC mode. Thank you for the help.

Best regards,
Dan Manzo
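
Added example, not part of the original thread: a small check for the checksum-offloading suggestion above, which reads `ethtool -k` output and prints the `ethtool -K` command that would turn the remaining offloads off. It assumes Linux `ethtool`; the interface name `eth1`, the sample output and the choice of features to check are constructed for illustration.

```shell
#!/bin/sh
# Added example: find NIC offloads still enabled on a capture interface.
# Input is `ethtool -k <iface>` output on stdin.

# Constructed sample of `ethtool -k eth1` output (eth1 is a placeholder name).
sample_ethtool_output() {
cat <<'EOF'
Features for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
EOF
}

# Print the `ethtool -K` short names of the listed offloads that are "on".
# The feature list is an assumption: offloads commonly disabled for sniffing.
enabled_offloads() {
    awk -F': *' '
        BEGIN {
            name["rx-checksumming"] = "rx"
            name["tx-checksumming"] = "tx"
            name["scatter-gather"] = "sg"
            name["tcp-segmentation-offload"] = "tso"
            name["generic-segmentation-offload"] = "gso"
            name["generic-receive-offload"] = "gro"
            name["large-receive-offload"] = "lro"
        }
        ($1 in name) && $2 ~ /^on/ { printf "%s%s", sep, name[$1]; sep = " " }
        END { print "" }
    '
}

# Print the command that turns those offloads off (nothing if none are on).
disable_command() {
    iface=$1
    feats=$(enabled_offloads)
    [ -z "$feats" ] && return 0
    cmd="ethtool -K $iface"
    for f in $feats; do cmd="$cmd $f off"; done
    echo "$cmd"
}

sample_ethtool_output | disable_command eth1
```

On a live sensor, pipe `ethtool -k <iface>` into `disable_command <iface>` for each monitored interface and review the printed command before running it as root.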
