[Oisf-users] Launch suricata with PFRING support

Alvaro Alonso Jiménez alvaroalo at gmail.com
Mon Sep 29 12:15:46 UTC 2014

Hi there,

I have compiled suricata with PFRING, and I want to launch it properly.

I have found the following documentation regarding the way Suricata needs
to be launched:


More precisely:

*Start up Suricata with PF_RING support:*

*sudo /opt/PF_RING/bin/suricata --pfring-int=eth0 --pfring-cluster-id=99
--pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml*

In this sense, it seems there is no reference to -i option (using to
specify the interfaces which we have to use to sniff traffic). Let's assume
I want to use several interfaces to sniff traffic with PFRING
configuration. I have also found this other entry, which states that we
should specify a '-i' option for each interface we want to use to sniff


So, let's assume I want to use eth0 and eth1 to sniff traffic. How should I
launch suricata?


/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 -i eth1
--pfring=eth0 --pfring=eth1

(suricata-start log traces shows that using multiple interfaces to sniff
traffic is a experimental feature, and suricata log traces show duplicated
information for eth0 and eth1)


/usr/bin/suricata -c /etc/suricata/suricata.yaml --pfring=eth0 --pfring=eth1


Thank you very much in advance.

With kind regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140929/c1f9c31b/attachment-0001.html>

More information about the Oisf-users mailing list