[Oisf-users] Question about using suricata 1.1rc1 with nfq
carlopmart
carlopmart at gmail.com
Wed Nov 9 10:18:12 UTC 2011
Hi all,

Recently, I installed a Suricata sensor to do some tests for
monitoring only web traffic. This Suricata is installed using the NFQ
module (with several bridges and NFQUEUEs defined) on an Ubuntu 10.04.3
host. But I don't understand some options in the new Suricata
configuration.

My idea is to integrate Suricata with Sguil. To do this, I have
enabled the following options in suricata.yaml:

  - pcap-log:
      enabled: yes
      filename: suricata.log
      limit: 1000
      max_files: 100
      mode: sguil
      dir: /nsm/sguil_sensor/suricata/dailylogs
      use_stream_depth: no

But I see a new option in the configuration file:

  pcap:
    - interface: eth1

What does this option mean? Is it not possible to record all traffic
that Suricata sees over multiple NFQUEUEs? Is it possible to define
multiple interfaces in this option?

Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com