我有三台 Vagrant 虚拟机:logger、host1 和 host2。我已经在 logger 虚拟机上设置了 Zeek。host1 上运行着 Apache 服务器。现在,当我从 host2 虚拟机访问 host1 上运行的 Apache 服务器时,我希望 Zeek 能记录这些 HTTP 流量。但是 Zeek 只记录 logger 虚拟机自身的流量,而不记录其他虚拟机的流量。我甚至启用了混杂(promisc)模式,但似乎不起作用。
# Three-VM VirtualBox lab on the 192.168.38.x private network: "logger"
# (provisioned by bootstrap.sh) plus "host2" and "host3" (provisioned by
# bootstrap-zeek-agent.sh with their own IP and a trailing "0" argument).
# The accompanying question speaks of host1/host2; this file defines
# host2/host3.
#
# NOTE(review): "--nicpromisc2 allow-all" only lifts VirtualBox's filter on
# adapter 2 (presumably the private_network NIC, adapter 1 being Vagrant's
# NAT interface -- confirm). The capture interface inside the logger guest
# still has to be in promiscuous mode, and Zeek has to listen on that
# interface rather than the NAT one; bootstrap.sh is not visible here, so
# verify both there.
# NOTE(review): only the sensor needs to see other hosts' frames; the same
# policy is also granted to host2 and host3 -- confirm that is intended.
# NOTE(review): a bidirectional clipboard shares host clipboard contents with
# every guest; consider whether a monitoring lab needs it.
# NOTE(review): verify that the VirtualBox provider actually applies the
# gateway:/dns: options on private_network; they may be silently ignored.
Vagrant.configure("2") do |config|
  # modifyvm flags in the exact order each machine applies them.
  sensor_flags = [
    ["--memory", 2048],
    ["--cpus", 2],
    ["--vram", "32"],
    ["--clipboard", "bidirectional"],
    ["--nicpromisc2", "allow-all"],
    ["--natdnshostresolver1", "on"]
  ]
  agent_flags = [
    ["--memory", 2048],
    ["--cpus", 2],
    ["--vram", "32"],
    ["--nicpromisc2", "allow-all"],
    ["--natdnshostresolver1", "on"],
    ["--clipboard", "bidirectional"]
  ]

  lab_machines = [
    { name: "logger", ip: "192.168.38.105", modifyvm: sensor_flags,
      provision: { path: "bootstrap.sh" } },
    { name: "host2", ip: "192.168.38.104", modifyvm: agent_flags,
      provision: { path: "bootstrap-zeek-agent.sh", args: "192.168.38.104 0" } },
    { name: "host3", ip: "192.168.38.103", modifyvm: agent_flags,
      provision: { path: "bootstrap-zeek-agent.sh", args: "192.168.38.103 0" } }
  ]

  lab_machines.each do |machine|
    config.vm.define machine[:name] do |cfg|
      cfg.vm.box = "bento/ubuntu-20.04"
      cfg.vm.hostname = machine[:name]
      cfg.vm.provision :shell, **machine[:provision]
      cfg.vm.network :private_network, ip: machine[:ip], gateway: "192.168.38.1", dns: "8.8.8.8"

      cfg.vm.provider "virtualbox" do |vb, _override|
        vb.name = machine[:name]
        machine[:modifyvm].each do |flag, value|
          vb.customize ["modifyvm", :id, flag, value]
        end
        # Global VirtualBox GUI setting, not per-VM: suppresses all GUI messages.
        vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all"]
      end
    end
  end
end