[Bro] Tap configuration
Daniel Manzo
daniel.manzo at bayer.com
Fri Jan 13 05:58:25 PST 2017
I have tried disabling checksum offloading, but still no luck. Here is the ifcfg file for my eth interface:
DEVICE=eth12
ONBOOT=yes
BOOTPROTO=static
PROMISC=yes
USERCTL=no
Freundliche Grüße / Best regards,
Dan Manzo
Asst Analyst I
________________________
Bayer: Science For A Better Life
Bayer U.S. LLC
Country Platform US
Scientific Computing Competence Ctr
Bayer Road
15205 Pittsburgh (PA), United States
Tel: +1 412 7772171
Mobile: +1 412 5258332
E-mail: daniel.manzo at bayer.com
From: Neslog [mailto:neslog at gmail.com]
Sent: Thursday, January 12, 2017 4:59 PM
To: Hosom, Stephen M
Cc: Bro-IDS; Daniel Manzo
Subject: Re: [Bro] Tap configuration
I've had success disabling checksum.
ignore_checksums
On Jan 12, 2017 2:24 PM, "Hosom, Stephen M" <hosom at battelle.org<mailto:hosom at battelle.org>> wrote:
Have you looked into checksum offloading? If enabled, it can result in Bro not producing many of the logs you would expect.
From: bro-bounces at bro.org<mailto:bro-bounces at bro.org> [mailto:bro-bounces at bro.org<mailto:bro-bounces at bro.org>] On Behalf Of Daniel Manzo
Sent: Thursday, January 12, 2017 11:05 AM
To: bro at bro.org<mailto:bro at bro.org>
Subject: [Bro] Tap configuration
Hi all,
I have Bro 2.4 configured on a RHEL 6.8 server and was wondering how to properly configure the network interfaces so that Bro can see as much of the network traffic as possible. My tap is connected in line with the network, and I believe that I was previously seeing the correct traffic, but now Bro has reporting much less information. I want to make sure that I have the interfaces configured correctly before moving on to troubleshooting other areas. Currently, I have two eth interfaces set up in PROMISC mode. Thank you for the help
Best regards,
Dan Manzo
_______________________________________________
Bro mailing list
bro at bro-ids.org<mailto:bro at bro-ids.org>
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170113/a9fe2c29/attachment.html
More information about the Bro
mailing list