Listening on multiple interfaces with Suricata
A question I see quite often is, can I listen on multiple interfaces with a single Suricata instance? Until now the answer always was “no”. I’d suggest trying the “any”-pseudo interface (suricata -i...
View ArticleSuricata runmode changes
Yesterday I pushed a patch that changes the default runmode from “auto” to “autofp”. The autofp name stands for “auto flow pinning” and it automatically makes sure all packets belonging to a flow are...
View ArticleSuricata scaling improvements
For the Suricata 1.3beta1 release, one of our goals was to improve the scalability of the engine when running on many cores. As the graph below shows, we made a good deal of progress. The blue line is...
View ArticleSuricata on Myricom capture cards
Myricom and OISF just announced that Myricom joined to OISF consortium to support the development of Suricata. The good folks at Myricom already sent me one of their cards earlier. In this post I’ll...
View Article
More Pages to Explore .....