9 Apr
2021
9 Apr
'21
8:09 p.m.
Guys, I'm looking into Zeek and unfortunately I don't have a second ethernet port on my main system, so it's not clear how I'd run a span port off my main switch to grab traffic. What hardware do people recommend for a zeek data collection node? I guess I could spin up my old WRAP board (http://www.pcengines.ch) which I used as my main router for years before I replaced it recently. But it's not super fast. It's got three 1gb ports, and 4gb of RAM with a 1Ghz single core AMD CPU. So it might do the job, esp since I can install Debian Buster on there without too much trouble. Sweet! John