Example node.cfg for Multi-Interface collection on one box

I’m having trouble finding complete documentation on how to configure a bro instance for monitoring multiple interfaces on the same host.

[bro]
type=standalone
host=localhost
interface=eth1

What needs to change to monitor eth1 & eth2?

Assuming you're using broctl, add:

broargs = -i eth2

to your broctl.cfg file

James

Advanced Setup will prompt you to configure as many interfaces as you wish.

Chuck

Disregard my advice… that was specifically for Security Onion.

Chuck