random936/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated suricata to now work with port mirroring

Browse Source
This commit is contained in:
Random936
2025-02-26 15:47:27 -08:00
parent b4ec2af71d
commit 3a3303e822
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/assets/suricata.yaml
View File

@@ -42,7 +42,7 @@ stats:
enabled: yes
af-packet:
- interface: enp6s18
- interface: enp6s19
use-mmap: yes
tpacket-v3: yes
cluster-id: 99

4
config/logging.nix
View File

@@ -11,6 +11,8 @@
})
];
networking.firewall.enable = false;
users.users.logging = import ./user.nix;
environment.systemPackages = with pkgs; [
@@ -193,7 +195,7 @@
serviceConfig = {
type = "simple";
User = "logging";
ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s18";
ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s19";
Restart = "on-failure";
CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";