I am sending the stream from the sniffer tool directly to a Linux box on which I have installed suricata. Do I need an intermediate tool?
Nope. Haven't heard of trafr until your message.
Do I have to run suricata through trafr?
No, just stream packets with the sniffer tool to the suricata host. Yes, I don't see any problem with the ability to handle that configuration.
Do I need the calea package to restream packets? Snort needs calea. Also, will a hAP ac2 4-core CPU handle suricata + a few QoS + 25 filter rules?
Should work fine with RB450G. Just need to stream the packet sniffer to the suricata box and follow the installation instructions.
This is awesome...if only I could get this on a RB450G...is there?
Done! Thanks. A small question. I was using gen_id 1 always, why now 0?
This:
suppress gen_id 0, sig_id 0, track by_src, ip 213.98.XX.XX
Can someone help me? I need to send to Mikrotik from Suricata without MySQL, some easy PHP like https://wiki.mikrotik.com/wiki/Mikrotik_IPS_IDS
I put a line in threshold.config indicating the specific rule and IP address to suppress.
Hi,
How could I add an IP to a whitelist?
suppress gen_id 1, sig_id 2010066, track by_src, ip 192.168.100.2
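A malformed suppress line in threshold.config is easy to miss, so it helps to lint the file before reloading Suricata. The checker below is an added example, not code from this thread or from the Suricata project; the function name `check_suppress` is hypothetical, the grammar is assumed from the Suricata documentation for single-address suppress lines (bracketed address lists are not handled), and every sample line other than the one quoted above is constructed.

```python
import ipaddress
import re

# Assumed grammar (single address, CIDR or $VAR only):
#   suppress gen_id <gid>, sig_id <sid>
#   suppress gen_id <gid>, sig_id <sid>, track <by_src|by_dst|by_either>, ip <addr>
SUPPRESS_RE = re.compile(
    r"^suppress\s+gen_id\s+(?P<gid>\d+)\s*,\s*sig_id\s+(?P<sid>\d+)"
    r"(?:\s*,\s*track\s+(?P<track>by_src|by_dst|by_either)"
    r"\s*,\s*ip\s+(?P<ip>\S+))?\s*$"
)


def check_suppress(line):
    """Return (ok, detail) for one threshold.config line."""
    text = line.strip()
    if not text or text.startswith("#"):
        return True, "skipped"
    if not text.startswith("suppress"):
        return True, "not a suppress line"
    m = SUPPRESS_RE.match(text)
    if m is None:
        if "track_by" in text:
            # Common slip: the keyword is 'track', the value is 'by_src'.
            return False, "put a space after 'track' (track by_src)"
        return False, "does not match suppress syntax"
    ip = m.group("ip")
    if ip is None:
        return True, f"gid {m['gid']} sid {m['sid']}: suppressed for all hosts"
    if not ip.startswith("$"):  # $VARS are resolved by Suricata, not here
        try:
            ipaddress.ip_network(ip, strict=False)
        except ValueError:
            return False, f"bad address: {ip}"
    return True, f"gid {m['gid']} sid {m['sid']}: suppressed {m['track']} {ip}"


if __name__ == "__main__":
    samples = [
        "suppress gen_id 1, sig_id 2010066, track by_src, ip 192.168.100.2",
        "suppress gen_id 1, sig_id 2010066, track_by_src, ip 192.168.100.2",  # constructed
        "suppress gen_id 1, sig_id 2010066, track by_src, ip 192.168.100.300",  # constructed
    ]
    for s in samples:
        print(check_suppress(s), "<-", s)
```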
What version of MySQL are you using? inet_ntoa was introduced in version 5.5.3.
Hi, I installed this correctly but I get a bad address on Mikrotik, could anyone help me please?
Here is a picture: