[Oisf-users] A question about using suricata as an IPS

Brant Wells bwells at tfc.edu
Fri Apr 1 14:46:02 UTC 2011


Hey Carl,

The way I have done it in the past is to set the interface that Suricata
uses in the suricata.yaml or using the -i ethx command line...

In your case, it would look something like:

 /usr/local/bin/suricata -c /data/config/etc/suricata-inet/suricata.yaml -D --pidfile /var/run/suricata-inet.pid -q 0 -i ipsif0

Hope that helps!
~Brant


On Fri, Apr 1, 2011 at 10:43 AM, carlopmart <carlopmart at gmail.com> wrote:

> Hi all,
>
>  I have configured a suricata sensor as an IPS. To do this I have set up
> a bridge (ipsif0) and I have set up this iptables rule:
>
>  iptables -A FORWARD -j NFQUEUE --queue-num 0
>
>  and I have started up suricata with these options:
>
>  "/usr/local/bin/suricata -c /data/config/etc/suricata-inet/suricata.yaml -D --pidfile /var/run/suricata-inet.pid -q 0"
>
>  But how does the suricata sensor know which interface it needs to monitor?
> Or do I need to adjust this in the iptables rule?
>
>  Thanks.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com