LAN traffic graph stops working if Suricata inline mode is enabled
-
If I enable inline mode then LAN traffic graph stops working
Suricata Inline Mode:
Version:
2.5.1-RC, Suricata 6.0.0_9
Traffic Graph:
-
I've said this many, many times in previous posts here. Snort and Suricata both, when configured to use Inline IPS Mode, make use of the netmap kernel device. That device, when in use, interferes with a number of other network features such as packet accounting stats, VLANs, and limiters/traffic shaping.
If those features are important to you, then you must not use Inline IPS Mode and instead revert to Legacy Mode blocking.
-
@coldfire7 I noticed that Snort on LAN works with in-line mode ... just LAN graph though, no WAN.
-
@nollipfsense
Not on either of mine. -
@impatient said in LAN traffic graph stops working if Suricata inline mode is enabled:
@nollipfsense
Not on either of mine.This is a graph image with Suricata on WAN and Snort on LAN both with in-line mode.