[Zeek] ERSPAN / GRE - weird log
Justin Azoff
justin at corelight.com
Mon Nov 4 07:13:05 PST 2019
On Mon, Nov 4, 2019 at 10:07 AM Ralph R. Rye <ralph.rye at gmail.com> wrote:
> Hoping to see if someone has gotten Zeek to work with ERSPAN span sessions.
>
> I am doing ERSPAN from a Cisco Nexus switch to a VMware host. I can see
> the traffic at the host and do tcpdump captures without any problems.
>
> When attempting to use Zeek (3.0 or 2.6.3) all I get is entries in the
> weird log for the ERSPAN traffic.
>
2.6 would definitely not work, but 3.0 has support for this:
https://github.com/zeek/zeek/commit/d9533e9616c5e9e34e811b6db57700be8ab61544
What exactly are you getting in the weird.log on 3.0?
--
Justin