[Oisf-users] A question about using suricata as an IPS

Brant Wells bwells at tfc.edu
Fri Apr 1 14:46:02 UTC 2011

Hey Carl,

The way I have done it in the past is to set the interface that Suricata
uses in the suricata.yaml or using the -i ethx command line...

In your case, it would look something like:

 /usr/local/bin/suricata -c
/data/config/etc/suricata-inet/suricata.yaml -D --pidfile
/var/run/suricata-inet.pid -q 0 -i ipsif0

Hope that helps!

On Fri, Apr 1, 2011 at 10:43 AM, carlopmart <carlopmart at gmail.com> wrote:

> Hi all,
>  I have configured a suricata sensor as an IPS. To do this I have setup
> a bridge (ipsif0) and i have setup this iptables rule:
>  iptables -A FORWARD -j NFQUEUE --queue-num 0
>  and I have startup suricata with this options:
>  "/usr/local/bin/suricata -c
> /data/config/etc/suricata-inet/suricata.yaml -D --pidfile
> /var/run/suricata-inet.pid -q 0"
>  But, How do suricata sensor know on which interface needs to monitor?
> Or do I need to adjust this on the iptables rule??
>  Thanks.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110401/82dd5fc2/attachment-0002.html>

More information about the Oisf-users mailing list