[Oisf-users] Multiple listening interfaces to multiple log locations
Andrew J
autospeed1 at hotmail.co.uk
Fri Sep 6 10:48:16 UTC 2013
I apologise in advance if this is the wrong place to email questions or ask for support.
I am currently trying to work out the best method to listen on multiple interfaces with suricata (latest 1.4.5).
My current setup is suricata, barnyard2, snort mysql, custom ui.
The only way I can see this possible is via launching multiple instances of suricata.
If you listen via -i eth1 -i eth2 it creates log alerts in the same directory with the same name. Meaning there is no way for barnyard2 to tell which interface the traffic came from.
Any suggestions please?
Thanks,
Deej
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130906/13891cd0/attachment-0002.html>
More information about the Oisf-users
mailing list