[Zeek] First attempt to upgrade to 3: Multiple interfaces
Tim Wojtulewicz
tim at corelight.com
Tue Mar 3 11:28:47 PST 2020
If you don’t really need the latest and greatest cutting edge changes to 3.1, version 3.0.x still supports multiple interfaces. That feature was removed in 3.1 due to the wide changes to the IO Loop architecture, and you’re honestly the first user I’ve heard from that has noticed it missing. It was removed to make that work easier to accomplish, but we can certainly investigate bringing it back if there’s enough of a use case for it.
Tim
> On Mar 3, 2020, at 12:03 PM, James Lay <jlay at slave-tothe-box.net> wrote:
>
> Welp...out of luck so far:
>
> /opt/zeek/bin/zeek -C -i eth0 -i eth1 --filter '<redacted>' local
> "Site::local_nets += { 192.168.1.0/24 }"
>
> gets me:
>
> ERROR: Only a single interface option (-i) is allowed.
>
> I didn't have this issue with 2. Any reason why only one interface is
> allowed now? Unless something radical has changed with the resources
> that zeekctl uses I have no desire to use it. I'm dead in the water
> with Zeek as of now. Thank you.
>
> James
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
More information about the Zeek
mailing list