[Oisf-users] options for multiple interfaces
Theodore Elhourani
theodore.elhourani at gmail.com
Mon Nov 4 19:39:32 UTC 2013
This
"suricata --pidfile -c suricata.yaml --af-packet -D"
works fine, as long as the interfaces are configured in the yaml.
Thanks!
Ted
On Thu, Oct 31, 2013 at 2:08 PM, Eric Leblond <eric at regit.org> wrote:
> Hi,
>
> Le jeudi 31 octobre 2013 à 20:52 +0000, Chris Edwards a écrit :
> > On Thu, 31 Oct 2013, Kevin Branch wrote:
> >
> > > As to whether you can point a single instance of suricata at multiple
> > > interfaces in this way
> >
> > Yep, you absolutely can - no need to faff around with bonding interfaces.
> > Our cmdline args are:
> >
> > suricata --pidfile -c suricata.yaml --af-packet=eth1 --af-packet=eth2
> -D
> >
> > and it captures from both interfaces just fine :-)
>
> Or you can just run
>
> suricata --pidfile -c suricata.yaml --af-packet -D
>
> to run a suricata sniffing all the interfaces defined in the yaml.
>
> BR,
> --
> Eric Leblond <eric at regit.org>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20131104/8cf5bc61/attachment.html>
More information about the Oisf-users
mailing list