[Oisf-users] Can't coax Suricata to listen on ETH1 exclusively

Peter Manev petermanev at gmail.com
Sat Mar 21 15:06:07 UTC 2015


On Thu, Feb 26, 2015 at 4:32 PM, Todd Howe <todd.howe at pathcom.com> wrote:
> Hello list;
>
> New user here. I’ve installed Suricata on a Debian Jessie VM in a small
> testbed I’m setting up. The VM has two NICs, ETH0: on a noisy vSphere
> network 192.168.10.x for shelling in and internet access, and ETH1: which is
> in my test subnet. Ifconfig and ping confirm that these NICs are both up.
>
> I can’t get Suricata to stop listening on ETH0: and to listen _only_ on
> ETH1: (If it’s relevant, I’ve set it to af-packet mode in
> /etc/default/suricata to avoid the check_nfqueue() bug)
>

Are you trying to set up IDS or IPS mode?

>
> I’ve tried the following:
>
> - starting it up with the command ‘suricata -c /etc/suricata/suricata.yaml
> -i eth1’ as the docs advise
>
> - changing every instance of ‘- interface: eth0’ in
> /etc/suricata/suricata.yaml to ‘- interface: eth1’
>
> - setting IFACE=eth1 in /etc/default/suricata despite the comment saying
> it’s only for pcap because, well, I’m out of ideas
>
> The logs fill up with garbage from ETH0: What could I be missing?
>
> Thanks;
>
> Todd



-- 
Regards,
Peter Manev


