This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

snort/suricata need to run with a unique PF_RING cluster-id per interface #297

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 3 comments

Comments

@GoogleCodeExporter

snort/suricata need to run with a unique PF_RING cluster-id per interface

Original issue reported on code.google.com by doug.bu...@gmail.com on 24 Feb 2013 at 9:17

@GoogleCodeExporter

Updated nsm_sensor_ps-start and nsm_sensor_ps-restart as follows:

        # Start IDS Engine with unified2 output
        # Need to set a unique PF_RING CLUSTER_ID for each interface
        CLUSTER_ID=`grep -n $SENSOR /etc/nsm/sensortab |cut -d\: -f1`; let CLUSTER_ID+=50
        # Update snort.conf with new $CLUSTER_ID
        sed -i "s|^config daq_var: clusterid=.*$|config daq_var: clusterid=$CLUSTER_ID|g" /etc/nsm/$SENSOR/snort.conf
        # Update suricata.yaml with new $CLUSTER_ID
        sed -i "s|cluster-id:.*$|cluster-id: $CLUSTER_ID|g" /etc/nsm/$SENSOR/suricata.yaml

Original comment by doug.bu...@gmail.com on 26 Feb 2013 at 5:08
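
The scheme in the comment above (cluster-id = the sensor's line number in sensortab + 50, written into both engine configs), as an added example that is not the project's own code. It assumes the sensor name is the first whitespace-separated field of each sensortab line, runs against a constructed temporary tree instead of /etc/nsm, and the function names are hypothetical; it matches the sensor name exactly so that a name such as sensor-eth1 cannot also select sensor-eth10, then checks that no two sensors share an id.

```shell
#!/bin/bash
# Added example: operates on paths passed in, never on /etc/nsm directly.

# Print the cluster-id for sensor $1 found in sensortab $2 (line number + 50).
cluster_id_for() {
    local sensor="$1" sensortab="$2" line
    # Assumption: field 1 is the sensor name. Exact match avoids eth1/eth10 collisions.
    line=$(awk -v s="$sensor" '$1 == s { print NR; exit }' "$sensortab")
    [ -n "$line" ] || return 1      # sensor not listed: caller must not start the engine
    echo $((line + 50))
}

# Write cluster-id $2 into both engine configs of sensor $1 under root $3.
apply_cluster_id() {
    local sensor="$1" id="$2" root="$3"
    sed -i "s|^config daq_var: clusterid=.*$|config daq_var: clusterid=$id|" "$root/$sensor/snort.conf"
    sed -i "s|cluster-id:.*$|cluster-id: $id|" "$root/$sensor/suricata.yaml"
}

# Print every cluster-id used by more than one snort.conf under root $1.
# Empty output means each interface has its own PF_RING cluster.
duplicate_cluster_ids() {
    grep -h '^config daq_var: clusterid=' "$1"/*/snort.conf | cut -d= -f2 | sort | uniq -d
}

# Build a constructed two-sensor tree, apply the ids, and print its path.
demo() {
    local root s id
    root=$(mktemp -d)
    # Constructed sample sensortab (not taken from a real sensor).
    printf '%s\n' 'sensor-eth1 1 8001 eth1' 'sensor-eth10 1 8002 eth10' > "$root/sensortab"
    for s in sensor-eth1 sensor-eth10; do
        mkdir -p "$root/$s"
        # Both sensors start with the same id, the condition the issue describes.
        echo 'config daq_var: clusterid=51' > "$root/$s/snort.conf"
        echo '    cluster-id: 99' > "$root/$s/suricata.yaml"
        id=$(cluster_id_for "$s" "$root/sensortab") || return 1
        apply_cluster_id "$s" "$id" "$root"
    done
    echo "$root"
}
```

Running `duplicate_cluster_ids` over the sensor directories after a restart is a quick check that the rewrite took effect on every interface.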

@GoogleCodeExporter

Tested by Matt Gregory and GabrielS.

Original comment by doug.bu...@gmail.com on 26 Feb 2013 at 5:12

@GoogleCodeExporter

Copied to Stable PPA.

Original comment by doug.bu...@gmail.com on 26 Feb 2013 at 5:15

  • Changed state: Verified
