[Bro] ERSPAN & Missing Logs
Kyle Reidell
kir215 at email.vccs.edu
Tue Jun 27 13:30:45 PDT 2017
Hello all,
I am attempting to monitor a Cisco CSR1000v within AWS via ERSPAN. Through
my research, I am running Bro version 2.5-147 on an AWS Linux AMI and have
uploaded a pcap containing ERSPAN data which I have been able to read;
however, the only log files that are being created from Bro/live traffic
are the following:
capture_loss
stats
stderr
stdout
weird
communication
As a test, I have used tcpdump to capture packets on the configured
interface (mon0), which sees plenty of traffic; however, I still cannot see
the corresponding logs from Bro.
Any help would be greatly appreciated!!
Thank you,
Planearium