From 3a3303e82279bba9bf90c688e7ff7aab0a2bf1be Mon Sep 17 00:00:00 2001
From: Random936
Date: Wed, 26 Feb 2025 15:47:27 -0800
Subject: [PATCH] Updated suricata to now work with port mirroring

---
 config/assets/suricata.yaml | 2 +-
 config/logging.nix          | 4 +++-
 hardware/logging.nix        | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/config/assets/suricata.yaml b/config/assets/suricata.yaml
index ff55092..32736ee 100644
--- a/config/assets/suricata.yaml
+++ b/config/assets/suricata.yaml
@@ -42,7 +42,7 @@ stats:
   enabled: yes
 
 af-packet:
-  - interface: enp6s18
+  - interface: enp6s19
     use-mmap: yes
     tpacket-v3: yes
     cluster-id: 99
diff --git a/config/logging.nix b/config/logging.nix
index 21d0ddb..299ed56 100644
--- a/config/logging.nix
+++ b/config/logging.nix
@@ -11,6 +11,8 @@
     })
   ];
 
+  networking.firewall.enable = false;
+
   users.users.logging = import ./user.nix;
 
   environment.systemPackages = with pkgs; [
@@ -193,7 +195,7 @@
       serviceConfig = {
         type = "simple";
         User = "logging";
-        ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s18";
+        ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s19";
         Restart = "on-failure";
         CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
         AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";
diff --git a/hardware/logging.nix b/hardware/logging.nix
index 4d7588e..245625c 100644
--- a/hardware/logging.nix
+++ b/hardware/logging.nix
@@ -31,7 +31,7 @@
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+  #networking.interfaces.enp6s19.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
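Review bot: The capture interface is now hard-coded in two places — here under `af-packet` and again as `-i enp6s19` in the ExecStart line of the config/logging.nix hunk at `@@ -193,7 +195,7 @@` — and the two have to be kept in step by hand, which is exactly what this commit had to do. Prefer one source of truth: drop `-i` from ExecStart and start Suricata with `suricata -c /etc/suricata.yaml --af-packet` so the interface list in this file governs, or have the Nix side substitute the interface name into the yaml when it installs it. Failing that, a comment next to the entry, `# mirror/SPAN port — must match the interface passed to suricata in config/logging.nix`, at least makes the coupling visible to the next person who renames a NIC.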
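Review bot: `networking.firewall.enable = false;` exposes every listening service on the logging host to the network, and it is not obviously required for port-mirror capture: an af-packet socket receives frames at the link layer before netfilter filters them, so a firewall that is enabled does not stop Suricata from seeing mirrored traffic. If it was turned off because something else on the host (a log shipper, a dashboard) was being blocked, the narrower fix is to keep the firewall on and allow only that, e.g. `networking.firewall.allowedTCPPorts = [ <port> ];` or `networking.firewall.trustedInterfaces = [ "<management-interface>" ];` (placeholders — not the mirror interface). At minimum the line needs a comment giving the reason, since neither the commit message nor the diff states one; `# firewall disabled for <reason> — TODO re-enable with explicit allow rules` keeps the risk visible. The enclosing attribute set starts outside the hunk.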