Hi guys, I'm trying to set up Security Onion in Proxmox and I'm running into some issues monitoring traffic; basically, I'm not seeing any packets.
I don't want to monitor traffic from my actual NIC on my Proxmox host, because in my lab, my VMs are behind my OPNsense.
My securityonion VM has 2 network devices:
- net0: Linux Bridge vmbr1 connecting the VM to my lab network behind the OPNsense
- net1: This is supposed to be my monitoring interface. Not sure if this is supposed to be a Linux Bridge or OVS Bridge. I've tried both, but without success.
I did try the solution shown here
ovs-vsctl -- --id=@p get port tap400i1 \
-- --id=@m create mirror name=span1 select-all=true output-port=@p \
-- set bridge vmbr1 mirrors=@m
(400) being the ID of my securityonion VM, but I'm getting the following error every time:
ovs-vsctl: no row "tap400i1" in table Port
How do I configure net1 to mirror all traffic on vmbr1? Can someone point me in the right direction? Do I have to set up net1 to be a Linux Bridge or OVS Bridge? Any help would be much appreciated.