<html>
<body>
Thanks. I know how to do it but am worried about degradation in performance.
<br>
<br>
<font color="#000000">> On May 14, 2019, at 3:11 PM, Oliver Humpage <<a href="mailto:oliver@watershed.co.uk">oliver@watershed.co.uk</a>> wrote:
</font><br>
<font color="#000000">>
</font><br>
<font color="#000000">>
</font><br>
<font color="#000000">>> On 14 May 2019, at 20:46, Leonard Jacobs <<a href="mailto:ljacobs@netsecuris.com">ljacobs@netsecuris.com</a>> wrote:
</font><br>
<font color="#000000">>>
</font><br>
<font color="#000000">>> Is it ok to install multiple instances of Suricata on a single computer? We want to run Suricata in both IPS mode and IDS mode on two different network segments (external and internal networks) but not sure how else to run the same rule set on the same
</font><br>
<font color="#000000">>> computer in both modes except by running two instances of Suricata with separate yaml files.
</font><br>
<font color="#000000">>
</font><br>
<font color="#000000">> FWIW we run multiple instances of suricata on one (FreeBSD) server, to get different rulesets on different interfaces. No problems at all - we just renamed the service scripts to be suricata_<iface_name> so their startup config can reference different yaml files. Obviously in the yaml files you need to set each instance to log to a different folder, listen on a different interface, etc.
</font><br>
<font color="#000000">>
</font><br>
<font color="#000000">> There may be a way to do what you want with one instance, but multiple instances should work if not.
</font><br>
<font color="#000000">>
</font><br>
<font color="#000000">> Oliver.
</font><br>
<font color="#000000">>
</font><br>
<br>
<BR />
<BR />
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they
are addressed. If you have received this email in error please notify Netsecuris management at mgmt@netsecuris.com. Please note that any views or opinions presented in
this email are solely those of the author and do not necessarily
represent those of Netsecuris Inc. The integrity and
security of this message cannot be guaranteed on the Internet
<BR />
</body>
</html>