[Oisf-users] options for multiple interfaces
Theodore Elhourani
theodore.elhourani at gmail.com
Thu Oct 31 20:29:23 UTC 2013
Yes, the interfaces are configured in suricata.yaml (see attached),
and here is how it is started again:
suricata --af-packet=eth1 --af-packet=eth2 -c /etc/suricata/suricata.yaml -D
Suricata reads off eth1 only.
When I do
suricata --af-packet=eth2 --af-packet-eth1 -c /etc/suricata/suricata.yaml -D
it reads off eth2 only.
On Oct 2, 2013, at 11:26 PM, Peter Manev <petermanev at gmail.com> wrote:
>
>
>> On 3 Oct 2013, at 01:54, Theodore Elhourani <theodore.elhourani at gmail.com> wrote:
>>
>> Would this be the correct syntax for starting suricata with multiple interfaces using afpacket?
>>
>> suricata --af-packet=eth1 --af-packet=eth2 …..
>>
>> I have tried this and it is reading only from eth1.
>
> Do you have those interfaces configured in suricata.yaml ?
>
>
>>
>> Thanks!