[Bro] Tap configuration

Neslog neslog at gmail.com
Thu Jan 12 13:59:20 PST 2017


I've had success disabling checksum.
ignore_checksums


On Jan 12, 2017 2:24 PM, "Hosom, Stephen M" <hosom at battelle.org> wrote:

> Have you looked into checksum offloading? If enabled, it can result in Bro
> not producing many of the logs you would expect.
>
>
>
> *From:* bro-bounces at bro.org [mailto:bro-bounces at bro.org] *On Behalf Of* Daniel
> Manzo
> *Sent:* Thursday, January 12, 2017 11:05 AM
> *To:* bro at bro.org
> *Subject:* [Bro] Tap configuration
>
>
>
> Hi all,
>
>
>
> I have Bro 2.4 configured on a RHEL 6.8 server and was wondering how to
> properly configure the network interfaces so that Bro can see as much of
> the network traffic as possible. My tap is connected in line with the
> network, and I believe that I was previously seeing the correct traffic,
> but now Bro is reporting much less information. I want to make sure that I
> have the interfaces configured correctly before moving on to
> troubleshooting other areas. Currently, I have two eth interfaces set up in
> PROMISC mode. Thank you for the help.
>
>
>
> Best regards,
>
> Dan Manzo
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
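An added example, not part of the original thread: one way to check a capture interface for the NIC offloads discussed above, by parsing `ethtool -k` output. The list of watched features, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list NIC offload features that are enabled on a sniffing
# interface. The watch list below is an assumption; adjust it for your NIC.
CAPTURE_FEATURES="rx-checksumming tx-checksumming scatter-gather \
tcp-segmentation-offload generic-segmentation-offload \
generic-receive-offload large-receive-offload"

# Read `ethtool -k IFACE` output on stdin and print every watched
# top-level feature whose state is "on" (sub-features are ignored).
enabled_offloads() {
    awk -v want="$CAPTURE_FEATURES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)      # strip indentation of sub-features
            split(line, kv, ":")          # "name: state [fixed]"
            state = kv[2]
            sub(/^[ \t]+/, "", state)
            split(state, s, " ")          # s[1] is "on" or "off"
            if ((kv[1] in watch) && s[1] == "on") print kv[1]
        }'
}

# Constructed sample of `ethtool -k eth1` output (not from a real host).
sample_ethtool_output() {
    cat <<'EOF'
Features for eth1:
rx-checksumming: on
tx-checksumming: on
	tx-checksum-ipv4: on
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
EOF
}

# Live use: sh check_offload.sh eth1   (requires ethtool on the sensor)
if [ -n "${1:-}" ]; then
    ethtool -k "$1" | enabled_offloads
fi
```

An empty result means none of the watched offloads are on. Anything listed can be switched off with `ethtool -K`, or Bro can be told to skip checksum validation with the `ignore_checksums` option mentioned in the reply above.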