[Oisf-users] NETMAP guide - suricata.yaml

Oliver Humpage oliver at watershed.co.uk
Thu Apr 7 14:51:46 UTC 2016


> When I speak of an IDS I mean a standalone sensor that is fed copies of the traffic via SPAN or a network tap.

Ahh, I see what you mean! If it’s possible to omit copy-iface, you’ll have to be very explicit in the documentation to say this is for separate, non-inline sensors, so users don’t get confused.

However, although I have a limited knowledge of C, line 203 onwards in https://github.com/inliniac/suricata/blob/master/src/runmode-netmap.c would suggest that it requires a copy-iface directive. I think the code was written with inline sensors in mind.

Oliver.



