ERSPAN monitoring #9677
Replies: 2 comments
-
Have you included the new sniffing interface to bond0? If not, you can do so by running the command so-monitor-add
-
Are you trying to get ERSPAN traffic from router1 directly over the network and into router2? Is the destination address for your ERSPAN configuration the MGMT address for Security Onion? Sending traffic to the Security Onion MGMT port will not work for ingesting traffic. My understanding of ERSPAN is that you need another L3 device to receive that traffic and relay it to its final destination. So in this case you would send traffic from router1 -> over your network -> router2, which de-encapsulates the traffic and can forward the traffic to its final destination (Security Onion monitor port).
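As an added illustration of the de-encapsulation step the reply above refers to (not part of the original thread and not Security Onion code): a minimal Python parser that strips the outer IPv4, GRE and ERSPAN Type II headers and returns the mirrored Ethernet frame. The function names, the sample packet and its 192.0.2.x addresses are constructed for this example, and the outer IPv4 checksum is not verified.

```python
import struct

IP_PROTO_GRE = 47
GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type carrying ERSPAN Type II

def decap_erspan2(packet: bytes) -> dict:
    """Strip outer IPv4 + GRE + ERSPAN Type II headers from one packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # outer IP header length in bytes
    if packet[9] != IP_PROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    gre = packet[ihl:]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError("GRE payload is not ERSPAN Type II")
    if not flags & 0x1000:                    # S bit: sequence number present
        raise ValueError("no GRE sequence number: Type I, no ERSPAN header")
    # Optional GRE checksum (C bit) and key (K bit) precede the sequence number.
    off = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)
    if len(gre) < off + 12:
        raise ValueError("truncated GRE/ERSPAN header")
    seq, w1, w2 = struct.unpack("!III", gre[off:off + 12])
    if w1 >> 28 != 1:                         # version field is 1 for Type II
        raise ValueError("unexpected ERSPAN version field")
    return {
        "gre_seq": seq,
        "vlan": (w1 >> 16) & 0x0FFF,          # VLAN of the mirrored frame
        "session_id": w1 & 0x03FF,            # ERSPAN session ID (10 bits)
        "index": w2 & 0xFFFFF,
        "inner_frame": gre[off + 12:],        # the mirrored Ethernet frame
    }

# Constructed sample: a mirrored frame wrapped the way an ERSPAN source would.
INNER_FRAME = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"payload"

def build_sample(session_id=5, vlan=100, seq=7) -> bytes:
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN_II, seq)
    erspan = struct.pack("!II", (1 << 28) | (vlan << 16) | session_id, 3)
    body = gre + erspan + INNER_FRAME
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                        IP_PROTO_GRE, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return outer + body

if __name__ == "__main__":
    info = decap_erspan2(build_sample())
    print(info["session_id"], info["vlan"], len(info["inner_frame"]))
```

The mirrored frame only becomes visible after the 36 bytes of outer headers are removed, which is the work a decapsulating device does before handing frames to a monitor port.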
-
Hello,
Please can you help me configure an ERSPAN session to Security Onion? I see only the interface from the management port. I configured it in the NMTUI interface on IPv4. On the interface I see data traffic being counted (ifconfig), but in Security Onion I don't see any load in the graph for the monitoring interface. I tried so-monitor-add interface, but nothing happened.
Thank you, VB