[Oisf-users] Question about using suricata 1.1rc1 with nfq
carlopmart
carlopmart at gmail.com
Wed Nov 9 10:45:26 UTC 2011
On 11/09/2011 11:23 AM, Eric Leblond wrote:
>>
>> pcap:
>> - interface: eth1
>>
>> What does it means this option??
>
> This option/configuration part is for the pcap acquisition module. You
> can now specify multiple interfaces with different configuration for
> pcap, pfring and af_packet acquisition module. Have a look at the
> following blog post for more information:
> http://home.regit.org/2011/10/suricata-new-feature/
If I use bridges too?? That's where I see the problem. I am using three
bridges: br0, br1, br2. Do I need to specify bridges or every phyisical
nic??
>
>> Is not possible to record all traffic
>> that suricata sees over multiple NFQUEUEs??
>
> Yes, you can do this by using multiple -q switches on the command line:
> suricata -c suricata.yaml -q 0 -q 1
This is how I configured, with multiple nfqueues.
>
>> Is it possible to define
>> multiple interfaces in this option??
>
> Yes for pcap.
>
How? Like this??
pcap:
- interface: br0, br1, br2
--
CL Martinez
carlopmart {at} gmail {d0t} com
More information about the Oisf-users
mailing list