[Oisf-users] best method to monitor two NIC's on same box

Keith Miller orekdm at gmail.com
Fri Jun 24 22:53:18 UTC 2011


Greetings programs!

I'm new to Suricata, but a longtime veteran of NSM. Due to some recent
excitement at work I got Suricata working as a standalone and then as part
of the smoothsec distro. I'm happily processing away on 8 cores at
low-medium utilization. I just discovered that we have to pull another
SPAN (traffic can't be added to the first) for monitoring. What is the
best methodology to support this in Suricata? I poked around, but no docs
or postings seem to discuss this issue. Can I add a second NIC to the
single instance? Do I need to have two installations side by side? Or
just a second suricata.yaml and set of startup scripts?

Forgive me if I've missed something obvious, please help!

Keith Miller