[Zeek] Using af_packet in a host with two nics
Carlos Lopez
clopmz at outlook.com
Mon Jan 28 11:16:54 PST 2019
Hi all,
Is not posible to start a zeek's worker with two network interfaces using AF_Packet as a data acquisition? I have tried using the following config:
[prod-ids]
type=worker
host=172.22.58.2
interface=af_packet::eth2
#
[dmz-ids]
type=worker
host=172.22.58.2
interface=af_packet::eth3
... But fails. And I have tried using " interface=' af_packet::eth2 -i af_packet::eth3' and it doesn't work also ... So, is it not possible to use af_packet to sniff two nics?
I am using Zeek 2.6.1 with af_packet plugin installed.
Regards,
C. L. Martinez
More information about the Zeek
mailing list