I’m having trouble finding complete documentation on how to configure a bro instance for monitoring multiple interfaces on the same host.
[bro]
type=standalone
host=localhost
interface=eth1
What needs to change to monitor eth1 & eth2?
I’m having trouble finding complete documentation on how to configure a bro instance for monitoring multiple interfaces on the same host.
[bro]
type=standalone
host=localhost
interface=eth1
What needs to change to monitor eth1 & eth2?
Assuming you're using broctl, add:
broargs = -i eth2
to your broctl.cfg file
James
Advanced Setup will prompt you to configure as may interfaces as you wish.
Chuck
Disregard my advice… that was specifically for Security Onion.
Chuck