Updated suricata to now work with port mirroring

config/assets/suricata.yaml

@@ -42,7 +42,7 @@ stats:
   enabled: yes
 
 af-packet:
-  - interface: enp6s18
+  - interface: enp6s19
     use-mmap: yes
     tpacket-v3: yes
     cluster-id: 99

config/logging.nix

@@ -11,6 +11,8 @@
     })
   ];
 
+  networking.firewall.enable = false;
+
   users.users.logging = import ./user.nix;
 
   environment.systemPackages = with pkgs; [
@@ -193,7 +195,7 @@
     serviceConfig = {
       type = "simple";
       User = "logging";
-      ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s18";
+      ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s19";
       Restart = "on-failure";
       CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
       AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";

hardware/logging.nix

@@ -31,7 +31,7 @@
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+  #networking.interfaces.enp6s19.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }