[Oisf-users] AF_Packet multiple capture interfaces
Brian Hennigar
bhennigar at gmail.com
Wed Oct 28 17:19:54 UTC 2015
Hi,
I'm looking for recommendations for using suricata un runmode: workers and
AF_Packet with multiple capture interfaces. I'm not how to best configure
the threads and cluster-id.
I have 3 relatively low traffic span interfaces (IDS mode, alert only) and
6 cores.
Would each interface need to have it's own cluster-id? Would the best
threads setting be auto for each interface?
Thanks!
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151028/b37475c8/attachment.html>
More information about the Oisf-users
mailing list