28 Jan
2019
28 Jan
'19
11:33 p.m.
Thanks Michal. Error is "Invalid argument" ... But what is
"af_packet_fanout_id"? is it a random value?
Regards,
C. L. Martinez
________________________________________
From: Michał Purzyński <michalpurzynski1(a)gmail.com>
Sent: 28 January 2019 21:48
To: Carlos Lopez
Cc: zeek(a)zeek.org
Subject: Re: [Zeek] Using af_packet in a host with two nics
It is, unfortunately, impossible to tell, without you telling us how
it failed and what the error messages were. I will take a wild guess -
you need to specify a different cluster ID for each card.
The original code here
https://github.com/J-Gras/bro-af_packet-plugin
And it tells how to do that with
af_packet_fanout_id=23
On Mon, Jan 28, 2019 at 11:26 AM Carlos Lopez <clopmz(a)outlook.com> wrote:
Hi all,
Is not posible to start a zeek's worker with two network interfaces using AF_Packet
as a data acquisition? I have tried using the following config:
[prod-ids]
type=worker
host=172.22.58.2
interface=af_packet::eth2
#
[dmz-ids]
type=worker
host=172.22.58.2
interface=af_packet::eth3
... But fails. And I have tried using " interface=' af_packet::eth2 -i
af_packet::eth3' and it doesn't work also ... So, is it not possible to use
af_packet to sniff two nics?
I am using Zeek 2.6.1 with af_packet plugin installed.
Regards,
C. L. Martinez
_______________________________________________
Zeek mailing list
zeek(a)zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek