<div dir="ltr">This<div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">"suricata --pidfile -c suricata.yaml --af-packet -D"</span><br>
</div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div style><span style="font-family:arial,sans-serif;font-size:13px">works fine, as long as the interfaces are configured in the yaml.</span></div>
<div style><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div style><span style="font-family:arial,sans-serif;font-size:13px">Thanks!</span></div><div style><span style="font-family:arial,sans-serif;font-size:13px">Ted</span></div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Oct 31, 2013 at 2:08 PM, Eric Leblond <span dir="ltr"><<a href="mailto:eric@regit.org" target="_blank">eric@regit.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Le jeudi 31 octobre 2013 à 20:52 +0000, Chris Edwards a écrit :<br>
<div class="im">> On Thu, 31 Oct 2013, Kevin Branch wrote:<br>
><br>
> > As to whether you can point a single instance of suricata at multiple<br>
> > interfaces in this way<br>
><br>
> Yep, you absolutely can - no need to faff around with bonding interfaces.<br>
> Our cmdline args are:<br>
><br>
> suricata --pidfile -c suricata.yaml --af-packet=eth1 --af-packet=eth2 -D<br>
><br>
> and it captures from both interfaces just fine :-)<br>
<br>
</div>Or you can just run<br>
<br>
suricata --pidfile -c suricata.yaml --af-packet -D<br>
<br>
to run a suricata sniffing all the interfaces defined in the yaml.<br>
<br>
BR,<br>
<span class="HOEnZb"><font color="#888888">--<br>
Eric Leblond <<a href="mailto:eric@regit.org">eric@regit.org</a>><br>
</font></span><div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</div></div></blockquote></div><br></div>