node.cfg multiple interface convention?

Chris_Harwood · September 29, 2016, 7:10pm

Hi all,

One of my installations runs on an old linux laptop monitoring wifi traffic exclusively in standalone.

I’m wondering what the convention is for node.cfg to add monitoring to the wired interface as well.

The use case is, the system is taken off the wifi and restarted at a second location for monitoring a wired connection.

Is the following node.cfg valid?

[bro]
type=standalone
host=localhost
interface=wlan0
interface=eth0

Or is a better configuration to use 2 workers, one for each interface?

Thanks in advance,

Chris

johanna · September 30, 2016, 9:05pm

Hello Chris,

no, the given node.cfg is not valid, you can only specify one interface
for a standalone node. The best solution would probably be to use 2
workers, one for each interface. There is a workaround that should still
work, where you give the interface as "wlan0 -i eth0", (see
https://bro-tracker.atlassian.net/browse/BIT-12), which I think still
works, but that might break anytime.

Johanna

Topic		Replies	Views
Using multiple interfaces standalone configuration Zeek	2	387	May 14, 2024
Example node.cfg for Multi-Interface collection on one box Zeek	4	143	May 6, 2022
Question about listening on multiple interfaces Zeek	3	140	May 6, 2022
On Bro's configuration file Zeek	1	145	May 6, 2022
multiple interfaces using PFRing Zeek	1	102	May 6, 2022

node.cfg multiple interface convention?

Related topics