Removing tags from traffic

Hi,

Our Network Operations Center made some changes to the infrastructure, and
now all traffic seen by our Bro systems is tagged. As a result, Bro is
not capturing traffic (or so it seems). Is it possible to configure Bro
to remove or ignore the tags? Are there any (other) suggestions?

We are also checking with our NOC to see if they can un-tag the traffic.

Thanks!

Jon Ruggieri
University of CA, Davis
Data Center & Client Services

# Make any changes to policy starting here

@load vlan

Try adding that to <machine.site.com>.bro in /usr/local/bro/site.

adam


You are referring to VLAN tagging? If so, try adding the vlan.bro policy to your config and you should get better results. Note that this will prevent you from seeing any non-VLAN traffic.

scott
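
Added example, not part of the thread and not Bro's or vlan.bro's code: a Python illustration of 802.1Q framing showing why a check that reads the EtherType at the untagged offset misses tagged frames, and why a check that requires a tag stops matching untagged ones. The frames, MAC addresses and function names are constructed for illustration, and the tag-requiring check is an assumption about how such a filter behaves in general.

```python
import struct

ETH_IPV4 = 0x0800   # EtherType for IPv4
ETH_8021Q = 0x8100  # TPID that marks an 802.1Q VLAN tag

def build_frame(payload, vlan_id=None):
    """Constructed sample Ethernet frame carrying `payload` as IPv4."""
    dst = bytes.fromhex("020000000001")
    src = bytes.fromhex("020000000002")
    if vlan_id is None:
        return dst + src + struct.pack("!H", ETH_IPV4) + payload
    tci = vlan_id & 0x0FFF  # priority and DEI bits left at zero
    return dst + src + struct.pack("!HHH", ETH_8021Q, tci, ETH_IPV4) + payload

def fixed_offset_is_ipv4(frame):
    """Check written for untagged Ethernet: EtherType at bytes 12-13."""
    return len(frame) >= 14 and struct.unpack_from("!H", frame, 12)[0] == ETH_IPV4

def vlan_only_is_ipv4(frame):
    """Check that requires a tag and reads the EtherType 4 bytes later."""
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] != ETH_8021Q:
        return False
    return struct.unpack_from("!H", frame, 16)[0] == ETH_IPV4

def parse_ethernet(frame):
    """VLAN-aware parse: returns (vlan_id or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != ETH_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

if __name__ == "__main__":
    payload = b"\x45" + b"\x00" * 19  # constructed stand-in for an IPv4 header
    samples = (("untagged", build_frame(payload)),
               ("vlan 42", build_frame(payload, 42)))
    for name, frame in samples:
        print(name, fixed_offset_is_ipv4(frame), vlan_only_is_ipv4(frame),
              parse_ethernet(frame)[:2])
```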