J-Gras
commented
2 years ago As far as I know, a single Zeek process can only listen to a single interface. Thus, you might try setting up a cluster with two workers, each listening to one of the interfaces.
Note that this is not the right place to ask for general advice about operating Zeek. Please use the Zeek community resources such as Discourse and Slack for follow-ups or further questions: https://zeek.org/community/
This script is applicable to the cluster pattern. In standalone mode, now I have the need to listen to two interfaces on a network, how should I operate? Hope to give some guidance.Thank you.