[Oisf-users] nfqueue or af_packet for suricata ips

Eric Leblond eric at regit.org
Tue Mar 26 09:25:19 UTC 2013


Hello,

On Tue, 2013-03-26 at 09:03 +0000, C. L. Martinez wrote:
> Hi all,
> 
>  Next month, I will setup my first suricata IPS to monitor a 1 GB
> network. AFAIK this can be accomplished using af_packet or nfqueue on
> Linux platforms. But, what is the best option for production systems?
> (host will be CentOS 6.4 x86_64).
> 
>  I see the following post from Eric:
> https://home.regit.org/2012/12/af-packet-oops/, and I don't know if
> af_packet is the best option to use under this CentOS host.

Which kernel version is used in the CentOS you are running?

If it is too old, you will only have one capture thread per interface. If it
is not young enough, you will crash if you have more than 1 thread...

BR,

> Thanks.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/

-- 
Eric Leblond <eric at regit.org>
Blog: https://home.regit.org/
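The kernel-version gate Eric describes above, written out as an added shell example (it is not code from the post, from Suricata or from the linked blog article). It assumes two thresholds: the upstream kernel that introduced PACKET_FANOUT (3.1), which a multi-threaded AF_PACKET capture needs, and the kernel in which the oops from the linked post was fixed, which this thread does not state and which the function therefore takes as an argument rather than hard-coding. Distribution kernels such as CentOS's 2.6.32-* backport features, so a comparison on the version string is only a first approximation of what the running kernel actually supports.

```shell
#!/bin/sh
# Added example, not from the mailing-list post: decide how many AF_PACKET
# capture threads a kernel can safely run for Suricata.
#
# Assumptions (labelled):
#   - PACKET_FANOUT (needed for more than one capture thread per interface)
#     appeared in upstream Linux 3.1.
#   - The kernel in which the multi-thread oops was fixed is NOT given in the
#     thread; the caller passes it as the second argument, taken from the
#     linked post https://home.regit.org/2012/12/af-packet-oops/.
#   - Distribution kernels (CentOS 2.6.32-*) may backport features, so this
#     check on the version string is only a first approximation.

# ver_ge A B: return 0 when dotted version A is numerically >= B.
# Anything after the first non-digit/non-dot (e.g. "-358.el6.x86_64") is
# dropped, and missing components count as 0, so "3.1" == "3.1.0".
ver_ge() {
    v1=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    v2=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$v1" | cut -d. -f"$i")
        b=$(printf '%s' "$v2" | cut -d. -f"$i")
        a=${a:-0}; b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# afpacket_threads KERNEL OOPS_FIXED: print one of
#   "1"      no fanout support at all -> one capture thread per interface
#   "1-only" fanout exists but the oops is not fixed -> keep threads: 1
#   "many"   safe to configure several capture threads
afpacket_threads() {
    kernel=$1
    oops_fixed=$2
    if ! ver_ge "$kernel" "3.1"; then
        echo "1"
    elif ! ver_ge "$kernel" "$oops_fixed"; then
        echo "1-only"
    else
        echo "many"
    fi
}

# Usage on the running host. AFPACKET_OOPS_FIXED must be set by the reader
# to the fixed kernel version from the linked post; nothing is guessed here.
if [ -n "$AFPACKET_OOPS_FIXED" ]; then
    printf 'kernel %s: af-packet threads = %s\n' \
        "$(uname -r)" "$(afpacket_threads "$(uname -r)" "$AFPACKET_OOPS_FIXED")"
fi
```

Run it as `AFPACKET_OOPS_FIXED=<version from the linked post> sh afpacket-check.sh`; the result maps directly onto the `threads:` value under the `af-packet:` section of suricata.yaml, and a kernel that lands in the "1" or "1-only" bucket is also the case where NFQUEUE remains the only way to spread an IPS workload over several threads.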
