[
https://issues.apache.org/jira/browse/METRON-259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15349656#comment-15349656
]
ASF GitHub Bot commented on METRON-259:
---------------------------------------
Github user dlyle65535 commented on the issue:
https://github.com/apache/incubator-metron/pull/176
I don't agree that using "any" works fine for either general or
demonstration/development purposes. If we don't sniff the same interface with
all the sensors, we get events that are uncorrelated with the rest of the
sensor stack. Additionally, we'll see events that have no pcap backup.
Kind of related - there is a a production use case for the tap0 interface.
You can direct all interfaces of interest to to the tap interface and sniff
that.
Is there any reason to not investigate making this work using the sniff
interface before falling back to "any"?
> ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
> ------------------------------------------------------------
>
> Key: METRON-259
> URL: https://issues.apache.org/jira/browse/METRON-259
> Project: Metron
> Issue Type: Bug
> Reporter: Nick Allen
> Attachments: ansible (2).log
>
>
> 2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home
> network] ******************************************
> 2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal:
> [ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com]: FAILED! => {"failed":
> true, "msg": "ERROR! ERROR! 'dict object' has no attribute
> u'ansible_tap0'"}^[[0m
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
