[Zeek] Parsing Gigamon Source Interface tagging into logs

Dominic Evert domjevert at gmail.com
Mon Feb 10 17:59:30 PST 2020


Hello, and good afternoon all,

My team and I currently have several different inline taps on a single
Gigamon. Due to hardware limitations, we're unable to map them
separately and parse the difference in tap locations based on NIC in our
sensor stack, so we're currently tagging our traffic using the Gigamon,
which appends a 21-byte "header" to the end of each packet, varying
depending on the collection interface. We were hoping someone has run into
a similar issue before, and would be willing to share, before we have to
build/modify a plugin to handle it.
Thank you for your time!