Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Finding parent interface to run Suricata

    Scheduled Pinned Locked Moved IDS/IPS
    1 Posts 1 Posters 141 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      michmoor LAYER 8 Rebel Alliance
      last edited by

      For efficiency, i want to run Suricata on the parent interface(s) on a LAGG. The multiple vlans riding this LAGG will have the same rule sets applied so it makes more sense to run it on the parent than on the individual interfaces.
      The issue is i cannot find the interface to apply my rules to.

      This is what i have assigned:

      ccb2d13d-b28c-496b-9827-5c6fa2d3325a-image.png

      As a workaround I have enabled Suricata on the WAN with the rulesets i want to capture. I have graylog running so im able to trace to the RealIP if an alert is generated but i rather not take that extra step.

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.