[Oisf-users] A question about using suricata as an IPS

Victor Julien victor at inliniac.net
Fri Apr 1 14:53:48 UTC 2011


There is no need at all to pass an interface to Suricata in this case.
Suricata gets the packets from NFQueue 0 as told by "-q 0".

Cheers,
Victor

On 04/01/2011 04:46 PM, Brant Wells wrote:
> Hey Carl,
> 
> The way I have done it in the past is to set the interface that Suricata
> uses in the suricata.yaml or using the -i ethx command line...
> 
> In your case, it would look something like:
> 
>  /usr/local/bin/suricata -c
> /data/config/etc/suricata-inet/suricata.yaml -D --pidfile
> /var/run/suricata-inet.pid -q 0 -i ipsif0
> 
> Hope that helps!
> ~Brant
> 
> 
> On Fri, Apr 1, 2011 at 10:43 AM, carlopmart <carlopmart at gmail.com> wrote:
> 
>> Hi all,
>>
>>  I have configured a suricata sensor as an IPS. To do this I have set up
>> a bridge (ipsif0) and I have set up this iptables rule:
>>
>>  iptables -A FORWARD -j NFQUEUE --queue-num 0
>>
>>  and I have started up suricata with these options:
>>
>>  "/usr/local/bin/suricata -c
>> /data/config/etc/suricata-inet/suricata.yaml -D --pidfile
>> /var/run/suricata-inet.pid -q 0"
>>
>>  But, how does the suricata sensor know which interface it needs to monitor?
>> Or do I need to adjust this in the iptables rule?
>>
>>  Thanks.
>> --
>> CL Martinez
>> carlopmart {at} gmail {d0t} com
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
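An added example, not code from the thread: the NFQUEUE setup the question describes, written so the queue number is defined once and checked against the live ruleset. The bridge "ipsif0" and queue 0 come from the original post; scoping the rule to the bridge, the fail-open switch and the check function are assumptions layered on top.

```shell
# Added example for this thread (not the posters' code). Reuses the bridge
# "ipsif0" and queue 0 from the question; scoping the rule to the bridge and
# the fail-open/fail-closed choice are assumptions layered on top of it.

BRIDGE=ipsif0
QUEUE=0
# fail-closed (default): if Suricata is not bound to the queue, packets are dropped.
# fail-open: --queue-bypass accepts them unseen instead. Pick one deliberately.
FAIL_OPEN=no

# Print the iptables rule that decides what Suricata sees. Suricata itself
# never needs "-i": interface selection happens here, not on its command line.
nfq_rule() {
    bypass=""
    [ "$FAIL_OPEN" = yes ] && bypass=" --queue-bypass"
    printf 'iptables -A FORWARD -i %s -j NFQUEUE --queue-num %s%s\n' \
        "$BRIDGE" "$QUEUE" "$bypass"
}

# Print the matching Suricata command line; "-q" must name the same queue.
suricata_cmd() {
    printf '/usr/local/bin/suricata -c %s -D --pidfile %s -q %s\n' \
        /data/config/etc/suricata-inet/suricata.yaml /var/run/suricata-inet.pid "$QUEUE"
}

# Read "iptables-save" output on stdin and succeed only if some FORWARD rule
# hands traffic to queue $1, i.e. the number Suricata was started with.
# Catches the silent failure of a rule on queue 0 with the sensor listening on 1.
check_queue_match() {
    grep -qE -- "^-A FORWARD .*-j NFQUEUE --queue-num $1( |$)"
}
```

To apply on the sensor, run `nfq_rule | sh` as root, then `iptables-save | check_queue_match 0 && echo ok` to confirm the rule and the sensor agree.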
