<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap:break-word"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;margin:0px;line-height:auto">Thanks Kevin!</div> <br> <div id="bloop_sign_1542753295292860928" class="bloop_sign"><span style="color:rgb(34,34,34);font-variant-ligatures:normal;font-size:14px;font-family:roboto,sans-serif"><strong><span style="color:rgb(0,0,0)">Thanks,<br>Jordon Carpenter</span></strong></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif"><a href="https://www.rooksecurity.com/" target="_blank" style="color:rgb(0,0,0)">Rook Security</a></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="color:rgb(34,34,34);font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif"><em><span style="color:rgb(0,0,0)">Anticipate, Manage, & Eliminate Threats</span></em></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif">O: <a href="tel:(888)%20712-9531" value="+18887129531" target="_blank" style="color:rgb(17,85,204)">888.712.9531 x734</a></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="font-variant-ligatures:normal;font-size:12px;font-family:calibri,sans-serif"><span style="font-family:roboto,sans-serif">E: <a href="mailto:jordon.carpenter@rooksecurity.com" target="_blank" style="color:rgb(17,85,204)">jordon.carpenter@rooksecurity.<wbr>com</a><br><br></span><span style="font-family:roboto,sans-serif"><a 
href="https://www.facebook.com/rookteam" target="_blank" style="color:rgb(17,85,204)"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-FB.png" border="0" alt="rookteam" class="CToWUd"></a>    <a href="https://twitter.com/rooksecurity" target="_blank" style="color:rgb(17,85,204)"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-TW.png" border="0" alt="rooksecurity" class="CToWUd"></a>    <a href="https://www.linkedin.com/company/rook-security" target="_blank" style="color:rgb(17,85,204)"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-LI.png" border="0" alt="Rook LinkedIn" class="CToWUd"></a></span><br><br><br><span style="font-size:10px"><span style="font-family:roboto,sans-serif">This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.</span></span></span></div> <br><p class="airmail_on">On November 20, 2018 at 5:31:13 PM, Kevin Branch (<a href="mailto:kevin@branchnetconsulting.com">kevin@branchnetconsulting.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>




<div dir="ltr">
<div>I've used Suricata on 5 interfaces at once with good
results, actually a separate instance per interface and multiple
threads per instance, but all on the same physical box.  I
don't think the main limit is interface count but raw traffic
volume to be processed.  If you have
enough memory and cores to spread around, and your rule set is
trimmed down well and your BPF filters are tuning out waste noise,
you can do quite a bit of Suricata monitoring on a single
box.  Keep an eye on packet loss at the kernel and PF_RING
levels, as well as CPU and memory utilization levels.</div>
<div><br></div>
<div>Kevin</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Tue, Nov 20, 2018 at 5:22 PM Jordon Carpenter
&lt;<a href="mailto:jordon.carpenter@rooksecurity.com">jordon.carpenter@rooksecurity.com</a>&gt;
wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">
<div id="m_-5119053135836859181bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;margin:0px;line-height:auto">
Is there a limit on the number of interfaces Suricata can monitor?
I have done two and have been successful, but I need to bump it up
to 3. Currently using pf_ring and Suricata 4.1. </div>
<br>
<div id="m_-5119053135836859181bloop_sign_1542752396326620928" class="m_-5119053135836859181bloop_sign"><span style="color:rgb(34,34,34);font-variant-ligatures:normal;font-size:14px;font-family:roboto,sans-serif">
<strong><span style="color:rgb(0,0,0)">Thanks,<br>
Jordon Carpenter</span></strong></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal">

</div>
</div>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org">http://suricata-ids.org</a>
| Support: <a href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
Conference: <a href="https://suricon.net">https://suricon.net</a><br>
Trainings: <a href="https://suricata-ids.org/training/">https://suricata-ids.org/training/</a></blockquote>
</div>


</div></div></span></blockquote></body></html>
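<p>An added example (not from the thread or the Suricata project) of the kernel-level packet-loss check recommended in the reply above, for the one-instance-per-interface layout it describes. It reads the cumulative <code>capture.kernel_packets</code> and <code>capture.kernel_drops</code> counters from each instance's eve.json stats records, computes loss per interval rather than since start, and treats counters that go backwards as a restart. Assumptions: every instance writes its own eve.json with stats enabled; the instance names, the 1% threshold and the sample records are constructed.</p>

```python
import json

# Constructed sample: eve.json lines from two per-interface instances.
# Instance names are hypothetical; counters are cumulative since start.
def _s(up, pk, dr):
    return json.dumps({"event_type": "stats", "stats": {
        "uptime": up, "capture": {"kernel_packets": pk, "kernel_drops": dr}}})

SAMPLE = {
    "suricata-eth1": [_s(60, 100000, 0), '{"event_type":"alert"}',
                      _s(120, 250000, 300)],
    "suricata-eth2": [_s(60, 500000, 1000), _s(120, 900000, 21000),
                      '{"event_type":"stats","stats":{"upt',  # truncated line
                      _s(8, 40000, 0),      # restart: counters reset
                      _s(68, 140000, 500)],
}

def drop_intervals(lines):
    """Return [(uptime, packets, drops, pct)] for each pair of stats records."""
    prev, out = None, []
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue                      # partial write or rotation debris
        cap = ev.get("stats", {}).get("capture")
        if ev.get("event_type") != "stats" or cap is None:
            continue
        cur = (cap["kernel_packets"], cap["kernel_drops"])
        # Counters that go backwards mean a restart: take a new baseline.
        if prev is not None and cur[0] >= prev[0] and cur[1] >= prev[1]:
            pkts, drops = cur[0] - prev[0], cur[1] - prev[1]
            # Whether kernel_packets already counts dropped packets depends on
            # the capture method, so read pct as an indicator, not an exact rate.
            pct = round(100.0 * drops / pkts, 2) if pkts else 0.0
            out.append((ev["stats"]["uptime"], pkts, drops, pct))
        prev = cur
    return out

def lossy_instances(logs, threshold_pct=1.0):
    """Map instance name to its worst interval loss when above the threshold."""
    worst = {}
    for name, lines in logs.items():
        peak = max((i[3] for i in drop_intervals(lines)), default=0.0)
        if peak > threshold_pct:
            worst[name] = peak
    return worst

if __name__ == "__main__":
    for name, lines in SAMPLE.items():
        print(name, drop_intervals(lines))
    print("over threshold:", lossy_instances(SAMPLE))
```

<p>In the constructed data the second instance loses 5% of packets in one interval, while its since-start average at that point is about 2.3%, which is why the check works on deltas.</p>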