Hey all...so here's my line:
/usr/sbin/bro -i eth4 -i eth5 local Site::local_nets += { externalip/mask }
I was thinking this was working, but alas, I see in my email packet captures that I think it's only listening on one interface as bro has missed an email that came by..I have no record of it anywhere. Is this not the right way to get this to work? I don't want to use broctl since the cpu usage is far too high. Thank you for any tips you may have.
James