[Oisf-users] Question on monitoring a SPAN port
Leonard Jacobs
ljacobs at netsecuris.com
Sat Apr 18 15:07:51 UTC 2020
If Suricata is being used to monitor a network SPAN port in IDS mode on a single network interface, as well as perform IPS mode on a different set of network interfaces on the same appliance, what is the best way to configure it?

Either

    suricata -c /etc/suricata/suricata1.yaml -i eth0
and
    suricata -c /etc/suricata/suricata2.yaml --af-packet

or

    suricata -c /etc/suricata/suricata.yaml --af-packet

and configure af-packet to perform IPS mode on one pair of ports and IDS mode on the other single port.

Leonard