Can the traffic through the device be logged to external storage?

Comments

1 comment

  • Jeremy Markle

    The red and blue, I believe, have SSH support. Through that you could get the blacklisted addresses via ipset. Not sure about a complete walkthrough since I don't have a working system right now; I never got my aarch64 developer license (nudge nudge wink wink) and had to tear it down and repurpose the gear.

    I'm sure you could rake it over and find a log of accessed endpoints, but that would be very chatty and most likely drastically hinder performance. Could probably get it out of Bro, but writing to storage would be very IO intensive as SD cards aren't fast, and depending on the throughput you could find it kills your SD card's write cycles. Other things like filesystem corruption and other junk if it's mounted RW. A USB flash drive would perform better... probably best would be to get Bro to log to syslog and use rsyslog to write the log to USB. Set up pubkey auth and SCP the file out and parse it with Python or something to extract addresses.

    Just throwing out some ideas... none very good.
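
An added example, not part of the comment above: one way to do the "parse it with Python" step once the rsyslog file has been copied off the device. It assumes each line carries a record in Bro's default conn.log column order after a syslog tag; the tag `bro_conn`, the host name `gw` and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed layout: "<syslog header> bro_conn: <conn.log record>". The tag
# "bro_conn" is hypothetical; use whatever tag your rsyslog rule matches.
RECORD = re.compile(r"\bbro_conn: (?P<rec>.+)$")
# rsyslog escapes control characters by default, so a tab may arrive as "#011".
SEP = re.compile(r"\t|#011")
# Leading columns of Bro's default conn.log.
FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto")

def parse_line(line):
    """Return the leading conn.log fields as a dict, or None if malformed."""
    if not (m := RECORD.search(line.rstrip("\n"))):
        return None  # some other program's syslog line
    cols = SEP.split(m.group("rec"))
    if len(cols) < len(FIELDS):
        return None  # truncated write, e.g. storage pulled mid-line
    rec = dict(zip(FIELDS, cols))
    try:
        rec["resp_h"] = ipaddress.ip_address(rec["resp_h"])
        rec["resp_p"] = int(rec["resp_p"])
    except ValueError:
        return None
    return rec

def external_endpoints(lines):
    """Count (address, port, proto) for responders outside the local network."""
    seen, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif not (rec["resp_h"].is_private or rec["resp_h"].is_multicast):
            seen[(str(rec["resp_h"]), rec["resp_p"], rec["proto"])] += 1
    return seen, skipped

SAMPLE = [  # constructed lines, not captured from a real device
    "Mar  3 10:15:02 gw bro_conn: 1520072102.1\tCa1\t192.168.1.20\t51514\t1.1.1.1\t443\ttcp\tssl",
    "Mar  3 10:15:03 gw bro_conn: 1520072103.4#011Ca2#011192.168.1.20#01140000#0118.8.8.8#01153#011udp",
    "Mar  3 10:15:04 gw bro_conn: 1520072104.0\tCa3\t192.168.1.21\t40001\t8.8.8.8\t53\tudp\tdns",
    "Mar  3 10:15:05 gw bro_conn: 1520072105.2\tCa4\t192.168.1.20\t5353\t192.168.1.1\t53\tudp\tdns",
    "Mar  3 10:15:06 gw bro_conn: 1520072106.9\tCa5\t192.168.1.20\t515",  # truncated
    "Mar  3 10:15:07 gw sshd[412]: Accepted publickey for admin",  # unrelated
]

if __name__ == "__main__":
    print(external_endpoints(SAMPLE))
```

The skipped count is worth watching: a rising number of unparseable lines is an early sign of the truncated or corrupted writes the comment warns about.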
