Monitor eth0 and eth1 with zeek and suricata

2021-01-05 21:56:00 -08:00
parent f0987e8148
commit 2023e54ece
5 changed files with 131 additions and 20 deletions
--- a/Vagrant/resources/suricata/suricata.yaml
+++ b/Vagrant/resources/suricata/suricata.yaml
@@ -124,11 +124,14 @@ logging:
      facility: local5
      format: "[%i] <%d> -- "
 af-packet:
+  - interface: eth0
+    cluster-id: 98
+    cluster-type: cluster_flow
+    defrag: yes
  - interface: eth1
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
-  - interface: default
 pcap-file:
  checksum-checks: auto
 app-layer: