Finding parent interface to run Suricata
-
For efficiency, i want to run Suricata on the parent interface(s) on a LAGG. The multiple vlans riding this LAGG will have the same rule sets applied so it makes more sense to run it on the parent than on the individual interfaces.
The issue is i cannot find the interface to apply my rules to.This is what i have assigned:
As a workaround I have enabled Suricata on the WAN with the rulesets i want to capture. I have graylog running so im able to trace to the RealIP if an alert is generated but i rather not take that extra step.