[Oisf-users] NETMAP guide - suricata.yaml

Victor Julien lists at inliniac.net
Thu Apr 7 15:06:08 UTC 2016


On 07-04-16 16:51, Oliver Humpage wrote:
> 
>> When I speak of an IDS I mean a standalone sensor that is fed copies of the traffic via SPAN or a network tap.
> 
> Ahh, I see what you mean! If it’s possible to omit copy-iface, you’ll have to be very explicit in the documentation to say this is for separate, non-inline sensors, so users don’t get confused.

I'd suggest the other way around. Passive IDS is by far the most common
way of deployment for Suricata.


> However, although I have a limited knowledge of C, line 203 onwards in https://github.com/inliniac/suricata/blob/master/src/runmode-netmap.c would suggest that it requires a copy-iface directive. I think the code was written with inline sensors in mind.

I'm running netmap in passive IDS mode w/o that option on Linux. I don't
think it will be different on FreeBSD.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
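To make the distinction in this exchange concrete, here is an added suricata.yaml netmap fragment (constructed for this page, not taken from the thread or from the Suricata project's shipped configuration) that places a passive sensor entry without copy-iface beside an inline pair that uses it; the interface names em0, em1 and em2 are placeholders.

```yaml
# Constructed example; em0, em1 and em2 are placeholder interface names.
netmap:
  # Passive IDS sensor: em0 receives a copy of the traffic from a SPAN port
  # or tap. No copy-mode/copy-iface is set, so Suricata only reads frames
  # and never writes anything back to the wire.
  - interface: em0
    threads: auto
    checksum-checks: auto
    disable-promisc: no

  # Inline pair (IPS): frames entering em1 are forwarded out em2 and vice
  # versa; a packet that matches a 'drop' rule is not copied across.
  # Both directions must be declared or return traffic is never forwarded.
  # Hardware checksum offload must be disabled on both NICs when copy-mode
  # is used, otherwise forwarded frames may carry invalid checksums.
  - interface: em1
    threads: auto
    copy-mode: ips
    copy-iface: em2
  - interface: em2
    threads: auto
    copy-mode: ips
    copy-iface: em1
```

Starting the passive sensor with `suricata -c suricata.yaml --netmap=em0` selects only the first entry, so the inline pair stays unused.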
