[Oisf-users] Suricata - vars and multiple interfaces
Davide Setti
d.setti at certego.net
Mon Aug 6 15:40:56 UTC 2018
Hi all,
At the moment I am using suricata to listen from two different network
interfaces.
Each interface receives different traffic, in particular:
- traffic from clients to proxy
- traffic from proxy to internet
For this I need to use different configurations for HOME_NET and
EXTERNAL_NET for each interface.
The first should have:
- HOME_NET = <private address space>
- EXTERNAL_NET = <proxy-address>
While the second should have:
- HOME_NET = <private address space>
- EXTERNAL_NET = <public address space>
However in generated/example suricata.yaml variables are defined only
globally and I would like to have only a single suricata instance running.
Looking at comments in suricata.yaml is it should be possible to define a
different BPF filter for each interface.
Is it possible to define variables on interface basis or any interface
specific override?
Regards
--
<http://www.certego.net/>
Davide Setti
R&D and Incident Response Team, Certego
<http://www.linkedin.com/company/certego> <http://twitter.com/Certego_IRT>
<http://github.com/certego> <http://www.youtube.com/CERTEGOsrl>
<http://plus.google.com/117641917176532015312>
Use of the information within this document constitutes acceptance for use
in an "as is" condition. There are no warranties with regard to this
information; Certego has verified the data as thoroughly as possible. Any
use of this information lies within the user's responsibility. In no event
shall Certego be liable for any consequences or damages, including direct,
indirect, incidental, consequential, loss of business profits or special
damages, arising out of or in connection with the use or spread of this
information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180806/5621cd53/attachment.html>
More information about the Oisf-users
mailing list