[Oisf-users] Two questions about using suricata as IPS in production environments

C. L. Martinez carlopmart at gmail.com
Fri Jan 23 12:11:37 UTC 2015


On Fri, Jan 23, 2015 at 11:59 AM, Andreas Herz <andi at geekosphere.org> wrote:
> On 23/01/15 at 11:55, C. L. Martinez wrote:
>> On Fri, Jan 23, 2015 at 11:22 AM, Andreas Herz <andi at geekosphere.org> wrote:
>> > I thought you were just referring to the feature for IPS mode to keep the
>> > flow going even when suricata crashes/quits.
>>
>> Sure. But, if I am not wrong, if I configure a bridge at OS level, there
>> is no need to deploy a script to watch the suricata process... Right?
>
> I don't understand what you mean with this in detail.
>

Oops, sorry. I will try to explain it better. Instead of using a
watchdog/script when some type of problem occurs with suricata at
software level (restart suricata, reload rules, etc.), I can configure
a bridge between two NICs in the host. If suricata stops for any
reason, traffic isn't dropped. Correct?


