[Oisf-users] Question on multiple instances of Suricata

Jason Taylor jtfas90 at gmail.com
Tue May 14 23:22:45 UTC 2019

We haven’t run into any deal breakers running multiple instances of
suricata on a single hardware device. It’s just super important to follow
the guidance in the septun docs as appropriate to your hardware platform to
maintain performance.


On May 14, 2019, at 17:47, Leonard Jacobs <ljacobs at netsecuris.com> wrote:

Thanks. I know how to do it but am worried about degradation in

> On May 14, 2019, at 3:11 PM, Oliver Humpage <oliver at watershed.co.uk>
>> On 14 May 2019, at 20:46, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
>> Is it ok to install multiple instances of Suricata on a single
computer?  We want to run Suricata in both IPS mode and IDS mode on two
different network segments (external and internal networks) but not sure
how else to run the same rule set on the same
>> computer in both modes except by running two instances of Suricata with
separate yaml files.
> FWIW we run multiple instances of suricata on one (FreeBSD) server, to
get different rulesets on different interfaces. No problems at all - we
just renamed the service scripts to be suricata_<iface_name> so their
startup config can reference different yaml files. Obviously in the yaml
files you need to set each instance to log to a different folder, listen on
a different interface, etc.
> There may be a way to do what you want with one instance, but multiple
instances should work if not.
> Oliver.

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to which they are addressed.
If you have received this email in error please notify Netsecuris
management at mgmt at netsecuris.com. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Netsecuris Inc. The integrity and security
of this message cannot be guaranteed on the Internet
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190514/9b410fcb/attachment-0001.html>

More information about the Oisf-users mailing list