Can't get ZEEK to start collecting data #6203
Greetings to the great community of SO. I'm new to this; I just downloaded and installed Security Onion. I have created 2 network cards at my ESXI, one directly connected to a Cisco 9300 switch that will serve as a monitoring port and one directly connected to a FortiGate firewall (I have created the lab network at the firewall so that I can apply rules about connections like a DMZ). When I start Security Onion, though, Zeek doesn't collect anything. The port on the switch is a trunk port, and what I did is start a monitor session on the switch with the UPLINK to the core network as source port, so that I can ingest all the traffic, and the TRUNK port as destination port. In ESXI the network card seems connected and in promiscuous mode. Did I miss something in the configuration?
Replies: 1 comment
Cisco and ESXI configuration are beyond the scope of this Security Onion discussion forum. You could run tcpdump on each of your network interfaces to see if perhaps the traffic is going to the wrong interface.
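One way to narrow down the check suggested in the reply, as an added example that is not part of the original thread: the script samples the kernel's per-interface RX packet counters under `/sys/class/net` twice and reports which interfaces received packets in between, then prints a tcpdump command to run on each of those. The `SYSFS_NET` variable, the function names and the 20-packet capture count are choices made for this example.

```shell
#!/bin/sh
# Added example: find which interface actually receives the mirrored traffic
# before pointing tcpdump (or Zeek) at it. Usage: sh rx_check.sh <seconds>
# SYSFS_NET is overridable only so the functions can be exercised on a test tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the current RX packet counter of one interface (0 if unreadable).
read_rx() {
    cat "$SYSFS_NET/$1/statistics/rx_packets" 2>/dev/null || echo 0
}

# Print "name count" for every interface except loopback.
snapshot() {
    for dir in "$SYSFS_NET"/*; do
        [ -d "$dir" ] || continue
        name=${dir##*/}
        [ "$name" = "lo" ] && continue
        echo "$name $(read_rx "$name")"
    done
}

# Compare two snapshots (before, after); print "name delta status" per interface.
compare() {
    echo "$2" | while read -r name after; do
        [ -n "$name" ] || continue
        before=$(echo "$1" | awk -v n="$name" '$1 == n { print $2 }')
        delta=$(( ${after} - ${before:-0} ))
        if [ "$delta" -gt 0 ]; then status=receiving; else status=idle; fi
        echo "$name $delta $status"
    done
}

if [ "$#" -gt 0 ]; then
    first=$(snapshot)
    sleep "$1"
    second=$(snapshot)
    compare "$first" "$second" | while read -r name delta status; do
        echo "$name: +$delta packets in ${1}s ($status)"
        if [ "$status" = "receiving" ]; then
            # -e prints the link-level header, so 802.1Q tags from a trunk are visible
            echo "  next: tcpdump -nn -e -c 20 -i $name"
        fi
    done
fi
```

An interface that stays `idle` while the mirror session is active is not receiving the mirrored traffic at all, so the problem lies before the sensor rather than in Zeek.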