[Oisf-users] Getting Errors on Suricata Startup
Leonard’s Netsecuris
ljacobs at netsecuris.com
Thu Jan 23 15:22:11 UTC 2020
Up to this application of it, we have always used af-packet inline, so we were not sure. We will try af-packet with a single NIC to see if the error goes away.
I guess we thought we could disable af-packet by commenting it out in the YAML.
Thanks.
> On Jan 23, 2020, at 3:07 AM, Andreas Herz <andi at geekosphere.org> wrote:
>
> On 23/01/20 at 06:18, Leonard Jacobs wrote:
>> I do not want to use af-packet mode. This sensor is not in-line. It is on a span port. I want af-packet disabled.
>
> You can use another mode as Peter mentioned but for af-packet the sensor
> does not have to be inline. You can use af-packet in such a scenario as
> well and it provides the best performance in most cases.
>
> --
> Andreas Herz