[Oisf-users] Suricata seperate Rx/Tx connection
Nelson, Cooper
cnelson at ucsd.edu
Fri Nov 1 21:02:46 UTC 2019
What packet capture method are you using?
-Coop
From: Amar <amar at countersnipe.com>
Sent: Friday, November 1, 2019 1:58 PM
To: Nelson, Cooper <cnelson at ucsd.edu>
Cc: mohammad kashif <kashif.alig at gmail.com>; Oisf-Users <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] Suricata seperate Rx/Tx connection
CounterSnipe default setup bonds all interfaces into a single bond#(0) and starts Suri with -i bond0 and it works fine.
On Nov 1, 2019 at 10:49 PM, <Cooper Nelson<mailto:cnelson at ucsd.edu>> wrote:
That would work with pcap, not sure how AF_PACKET handles bonded interfaces.
We use an Arista with two 10Gbit interfaces and pevma’s config.
-Coop
From: Amar <amar at countersnipe.com<mailto:amar at countersnipe.com>>
Sent: Friday, November 1, 2019 8:19 AM
To: mohammad kashif <kashif.alig at gmail.com<mailto:kashif.alig at gmail.com>>
Cc: Nelson, Cooper <cnelson at ucsd.edu<mailto:cnelson at ucsd.edu>>; Oisf-Users <oisf-users at lists.openinfosecfoundation.org<mailto:oisf-users at lists.openinfosecfoundation.org>>
Subject: Re: [Oisf-users] Suricata seperate Rx/Tx connection
Could bonding be the solution here. Bond eth1 and 2 and simply monitor the bond.
On Nov 1, 2019 at 4:08 PM, <mohammad kashif<mailto:kashif.alig at gmail.com>> wrote:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191101/be66637b/attachment-0001.html>
More information about the Oisf-users
mailing list