[Oisf-users] Question on multiple instances of Suricata

Peter Manev petermanev at gmail.com
Thu May 16 17:01:32 UTC 2019


On Tue, May 14, 2019 at 10:08 PM Oliver Humpage <oliver at watershed.co.uk>
wrote:

>
> > On 14 May 2019, at 20:46, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
> >
> > Is it ok to install multiple instances of Suricata on a single
> > computer?  We want to run Suricata in both IPS mode and IDS mode on two
> > different network segments (external and internal networks) but not sure
> > how else to run the same rule set on the same
> > computer in both modes except by running two instances of Suricata with
> > separate yaml files.
>
> FWIW we run multiple instances of suricata on one (FreeBSD) server, to get
> different rulesets on different interfaces. No problems at all - we just
> renamed the service scripts to be suricata_<iface_name> so their startup
> config can reference different yaml files. Obviously in the yaml files you
> need to set each instance to log to a different folder, listen on a
> different interface, etc.
>
> There may be a way to do what you want with one instance, but multiple
> instances should work if not.
>
>
I have not personally tested IDS and IPS together in the same config, but suri
can be multi-tenant per device/NIC -
https://suricata.readthedocs.io/en/latest/configuration/multi-tenant.html#device



> Oliver.



-- 
Regards,
Peter Manev
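
A pre-flight check for the multiple-instance setup described in the quoted reply, as an added example that is not part of the original thread: it reports any log directory, pid file or capture interface that two suricata.yaml files have in common. The file names, paths and interface names are constructed, and the matching assumes each key sits on its own line.

```shell
#!/bin/sh
# Added example, not from the thread. Line-based matching on suricata.yaml
# keys (assumes one key per line); it is not a full YAML parser.

# Print "key=value" for each per-instance setting in config file $1.
instance_settings() {
    sed -n -E 's/#.*$//; s/^[[:space:]]*(- )?(default-log-dir|pid-file|interface):[[:space:]]*"?([^"[:space:]]+)"?[[:space:]]*$/\2=\3/p' "$1" |
        grep -v '^interface=default$' | sort -u   # "default" is a template entry, not a NIC
}

# Print every setting that configs $1 and $2 share; return 1 if any are shared.
check_collisions() {
    rc=0
    for s in $(instance_settings "$1"); do
        if instance_settings "$2" | grep -qxF -e "$s"; then
            echo "$s"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed config fragments (paths and interface names are made up).
write_samples() {
    cat > "$1/ext.yaml" <<'EOF'
default-log-dir: /var/log/suricata-ext/
pid-file: /var/run/suricata-ext.pid
af-packet:
  - interface: eth0
  - interface: default
EOF
    cat > "$1/int.yaml" <<'EOF'
default-log-dir: /var/log/suricata-int/
pid-file: /var/run/suricata-int.pid
af-packet:
  - interface: eth1
EOF
    # Copy of ext.yaml where only the interface was changed.
    cat > "$1/bad.yaml" <<'EOF'
default-log-dir: "/var/log/suricata-ext/"
#pid-file: /var/run/suricata-ext.pid
af-packet:
  - interface: eth1   # internal segment
EOF
}
demo=$(mktemp -d) && write_samples "$demo"
check_collisions "$demo/ext.yaml" "$demo/int.yaml" && echo "ext/int: nothing shared"
check_collisions "$demo/ext.yaml" "$demo/bad.yaml" || echo "ext/bad: shared settings listed above"
rm -rf "$demo"
```

A key that is commented out in both files falls back to Suricata's built-in default in both instances, which this check does not see.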

