[Oisf-users] best method to monitor two NIC's on same box

Keith Miller orekdm at gmail.com
Fri Jun 24 22:53:18 UTC 2011

Greetings programs!

I'm new to suricata, but a longtime veteran of NSM.   Due to some recent
excitement at work I got suricata working as a standalone and then as part
of the smoothsec distro.    I'm happily processing away on 8 cores at
low-medium utilization.   I just discovered that we have to pull another
SPAN (traffic can't be added to the first) for monitoring.   What is the
best methodology to support this in suricata.   I poked around, but no docs
or postings seem to discuss this issue.  Can I add a second NIC to the
single instance?  Do I need to have two installations side by side?   Or
just a second suricata.yaml and set of startup scripts?

Forgive me if I've missed something obvious, please help!

Keith Miller
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110624/e4dbf094/attachment-0002.html>

More information about the Oisf-users mailing list