Bro seems to have all the logs except http and dns. If I run a quick tcpdump on my interface for port 80 and 53, I do see events.
Anything else I can troubleshoot for?
Thanks
Monah
Have you checked if your interfaces are running in promiscuous mode?
netstat -i
Kernel Interface table
Iface   MTU Met     RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0    463397      0     10      0 521906      0      0      0 BMRU
eth1   1500   0 299482016      0     28      0      8      0      0      0 BMRU
eth1 is my listening interface
Thanks
Yes it is.
eth1      Link encap:Ethernet  HWaddr 00:50:56:8b:0f:0a
          inet6 addr: fe80::250:56ff:fe8b:f0a/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:300657037 errors:0 dropped:28 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:193217271566 (193.2 GB)  TX bytes:648 (648.0 B)