[Oisf-users] Suricata - vars and multiple interfaces
Victor Julien
lists at inliniac.net
Tue Aug 7 13:40:56 UTC 2018
On 07-08-18 15:20, Davide Setti wrote:
> Hi Victor,
>
> I just tested a sample configuration against that PR on Ubuntu 16.04 LTS
> and I got a strange error.
>
> Here is my sample config (in shorts):
>
> af-packet:
>   - interface: eno2
>     threads: 1
>     cluster-id: 91
>     cluster-type: cluster_flow
>
>   - interface: enp2s0f0
>     threads: 1
>     cluster-id: 92
>     cluster-type: cluster_flow
>
> multi-detect:
>   enabled: yes
>   selector: device
>   loaders: 2
>   tenants:
>     - id: 1
>       yaml: eno1.yaml
>     - id: 2
>       yaml: enp2s0f0.yaml
>
>   mappings:
>     - device: eno2
>       tenant-id: 1
>     - device: enp2s0f0
>       tenant-id: 2
>
> Whenever I test it with multi-detect enabled I get an error reporting
> that the mapping device does not exist.
Does it work without the -T option? I haven't looked into it yet, but
I'm guessing with -T the interfaces are not initialized in any way.
In fact, with -T Suricata doesn't even know which capture method you
intend to use.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
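As an added example (not part of this thread and not Suricata's own code), here is a small pre-flight cross-check of the multi-detect section against the capture interfaces, the class of mismatch that the "mapping device does not exist" error reports. The config is written as the Python dicts that yaml.safe_load() would produce for the YAML quoted above, so it runs without PyYAML; the assumption that pcap, netmap and pfring sections are also lists of `interface:` entries is mine. It is a static consistency check only: as the reply notes, a -T run does not initialize the interfaces, so a real start with the chosen capture method is still the authoritative test.

```python
"""Pre-flight cross-check of a Suricata multi-detect (multi-tenant) config.

Added example, not Suricata's own code. The config is given as the Python
dicts that yaml.safe_load() would return for the YAML quoted in the thread,
so the script runs offline without PyYAML. It verifies that every
multi-detect mapping names a configured capture interface and a defined
tenant, and that no device is mapped twice.
"""

# Constructed sample: the af-packet and multi-detect sections from the post.
SAMPLE_CONFIG = {
    "af-packet": [
        {"interface": "eno2", "threads": 1,
         "cluster-id": 91, "cluster-type": "cluster_flow"},
        {"interface": "enp2s0f0", "threads": 1,
         "cluster-id": 92, "cluster-type": "cluster_flow"},
    ],
    "multi-detect": {
        "enabled": "yes",
        "selector": "device",
        "loaders": 2,
        "tenants": [
            {"id": 1, "yaml": "eno1.yaml"},
            {"id": 2, "yaml": "enp2s0f0.yaml"},
        ],
        "mappings": [
            {"device": "eno2", "tenant-id": 1},
            {"device": "enp2s0f0", "tenant-id": 2},
        ],
    },
}

# Assumption: these top-level sections are lists of {"interface": ...} entries.
CAPTURE_SECTIONS = ("af-packet", "pcap", "netmap", "pfring")


def capture_interfaces(cfg):
    """Names of all interfaces configured under the capture sections."""
    names = set()
    for section in CAPTURE_SECTIONS:
        for entry in cfg.get(section) or []:
            iface = entry.get("interface")
            if iface and iface != "default":  # "default" is a template, not a device
                names.add(iface)
    return names


def check_multi_detect(cfg):
    """Return a list of human-readable problems; an empty list means consistent."""
    problems = []
    md = cfg.get("multi-detect") or {}
    if str(md.get("enabled", "no")).lower() != "yes":
        return problems  # nothing to cross-check when multi-detect is off
    tenant_ids = {t.get("id") for t in md.get("tenants") or []}
    ifaces = capture_interfaces(cfg)
    by_device = md.get("selector") == "device"
    if by_device and not ifaces:
        problems.append("selector 'device' but no capture interfaces configured")
    seen = set()
    for m in md.get("mappings") or []:
        dev = m.get("device")
        tid = m.get("tenant-id")
        if by_device:
            if dev is None:
                problems.append(f"mapping {m} has no 'device' key")
            elif dev not in ifaces:
                problems.append(f"mapping device {dev!r} is not a configured capture interface")
            elif dev in seen:
                problems.append(f"device {dev!r} mapped more than once")
            seen.add(dev)
        if tid not in tenant_ids:
            problems.append(f"mapping for {dev!r} references undefined tenant-id {tid!r}")
    return problems


if __name__ == "__main__":
    for line in check_multi_detect(SAMPLE_CONFIG) or ["config is consistent"]:
        print(line)
```

Run it against the real suricata.yaml by replacing SAMPLE_CONFIG with the result of yaml.safe_load(open(path)); a non-empty result points at the mapping or tenant entry to fix before starting the sensor.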