Replies: 1 comment
-
Yes:
Yes:
You could connect the monitor interface to a SPAN port on a switch OR to a dedicated tap:
When you build a forward node, it will ask which interface should be the monitor interface and it will do everything for you:
When you say |
-
Are we able to add a monitoring interface on the forward node to send the Zeek and Suricata logs to the manager? We have a search manager that only has 1 NIC, so would it be possible to deploy a forward node with 2 NICs and have one be a monitor interface? Would we then set that up as a SPAN? Also, is there some documentation on how to set up that monitor interface to get those logs? Besides so-monitor-add? We tried that on the Search Manager and it couldn't find bond0 after we added a new NIC to be the monitor NIC. We are not currently seeing any network logs in Kibana even though the Zeek and Suricata services are running fine. Thanks!