[Oisf-users] Question on multiple instances of Suricata

Leonard Jacobs ljacobs at netsecuris.com
Tue May 14 21:47:51 UTC 2019


Thanks. I know how to do it but am worried about degradation in performance.

> On May 14, 2019, at 3:11 PM, Oliver Humpage <oliver at watershed.co.uk> wrote:
> 
> 
>> On 14 May 2019, at 20:46, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
>> 
>> Is it ok to install multiple instances of Suricata on a single computer? We want to run Suricata in both IPS mode and IDS mode on two different network segments (external and internal networks) but not sure how else to run the same rule set on the same computer in both modes except by running two instances of Suricata with separate yaml files.
> 
> FWIW we run multiple instances of suricata on one (FreeBSD) server, to get different rulesets on different interfaces. No problems at all - we just renamed the service scripts to be suricata_<iface_name> so their startup config can reference different yaml files. Obviously in the yaml files you need to set each instance to log to a different folder, listen on a different interface, etc.
> 
> There may be a way to do what you want with one instance, but multiple instances should work if not.
> 
> Oliver.
> 



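The advice quoted above is that each instance needs its own log folder and its own interface. The following added example (not code from the thread or from the Suricata project) checks two instance configs for shared per-instance resources before both are started. It assumes Linux af-packet capture, uses a simple line scan instead of a full YAML parser, and all paths, interface names and function names in it are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs, trimmed to the keys that matter here; the
# interface names and paths are placeholders, not values from the thread.
EXTERNAL_IPS = """\
default-log-dir: /var/log/suricata-ext/
pid-file: /var/run/suricata-ext.pid
af-packet:
  - interface: eth0
    copy-mode: ips
    copy-iface: eth1
  - interface: default
"""
INTERNAL_IDS = """\
default-log-dir: /var/log/suricata-ext/
pid-file: /var/run/suricata-int.pid
af-packet:
  - interface: eth2
"""

# Settings that two instances on one host must not share.
KEYS = ("default-log-dir", "pid-file", "interface", "copy-iface")
LINE = re.compile(r"^\s*(?:-\s*)?([\w-]+):\s*([^#\s]+)")

def exclusive_settings(yaml_text):
    """Return {(key, value)} for the per-instance resources in one config."""
    found = set()
    for line in yaml_text.splitlines():
        m = LINE.match(line)  # commented-out lines start with '#' and never match
        if m and m.group(1) in KEYS and m.group(2) != "default":
            # An IPS copy-iface is a claimed interface like any other.
            key = "interface" if m.group(1) == "copy-iface" else m.group(1)
            found.add((key, m.group(2).strip("\"'").rstrip("/")))
    return found

def find_collisions(configs):
    """configs: {instance_name: yaml_text}. Return settings claimed twice."""
    owners = defaultdict(list)
    for name, text in configs.items():
        for setting in exclusive_settings(text):
            owners[setting].append(name)
    return {s: sorted(n) for s, n in owners.items() if len(n) > 1}

if __name__ == "__main__":
    clashes = find_collisions({"external": EXTERNAL_IPS, "internal": INTERNAL_IDS})
    for (key, value), names in sorted(clashes.items()):
        print(f"{key} {value!r} is shared by: {', '.join(names)}")
```

In the constructed sample the internal config was copied from the external one without changing `default-log-dir`, so both instances would write into the same log folder.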