Hi were are using Dell R230's with an additional quad port card for network captures, streaming in traffic from our NetOptics Taps. On bro 2.4.1 what is the best way to configure it to listed on all 4 interfaces? Would we set that up in node.cfg and create 4 worker processes so that we can use broctl? Or can we specify it in BRO_CAPTURE_INTERFACE=" eth2 eth3 eth4 eth5". Or is there a command line bro with options?
Is PF_RING needed?
CentOS 7.2.1511 minimal install server Dell R220