[Oisf-users] options for multiple interfaces
Eric Leblond
eric at regit.org
Thu Oct 31 21:08:33 UTC 2013
Hi,
Le jeudi 31 octobre 2013 à 20:52 +0000, Chris Edwards a écrit :
> On Thu, 31 Oct 2013, Kevin Branch wrote:
>
> > As to whether you can point a single instance of suricata at multiple
> > interfaces in this way
>
> Yep, you absolutely can - no need to faff around with bonding interfaces.
> Our cmdline args are:
>
> suricata --pidfile -c suricata.yaml --af-packet=eth1 --af-packet=eth2 -D
>
> and it captures from both interfaces just fine :-)
Or you can just run
suricata --pidfile -c suricata.yaml --af-packet -D
to run a suricata sniffing all the interfaces defined in the yaml.
BR,
--
Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list