Hi Suricata! I am new to Suricata, and I am trying to find the YAML Reference for af-packet
I would have expected to find the reference here: 12.1. Suricata.yaml — Suricata 8.0.1-dev documentation. However, I cannot seem to find a section for af-packet.
We have an example in the quick start – see 2. Quickstart guide — Suricata 8.0.1-dev documentation
This example is for IDS mode – since you’re new to Suricata, I’m assuming that’s the mode you’ll use. In IDS mode, Suricata receives a copy of packets that traverse the network. The other common mode is IPS (inline mode), where Suricata acts as a bridge between two network interfaces.
Hi @Jeff_Lucovsky, thanks for linking the sample in the quick start. Where could I find all options for af-packet, or is it just those mentioned in the quick start?
The af-packet options are in the suricata.yaml file – most will be commented out with a brief description, and the default value will be listed.
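As an added illustration (not from this thread or the Suricata project's own suricata.yaml), here is what the `af-packet:` section looks like with an IDS stanza next to an IPS (inline) stanza pair, so the two modes discussed above can be compared side by side. Interface names and values are assumptions; the shipped suricata.yaml for your version is the authority on defaults.

```yaml
# Added illustration, not the Suricata project's shipped configuration.
# Interface names (eth0/eth1/eth2) and values are assumed; verify each
# option's commented default in the suricata.yaml of your installed version.
af-packet:
  # IDS mode: Suricata only receives a copy of the traffic seen on eth0.
  - interface: eth0
    threads: auto               # capture threads; 'auto' sizes by CPU count
    cluster-id: 99              # must be unique per interface stanza
    cluster-type: cluster_flow  # keep all packets of a flow on one thread
    defrag: yes                 # reassemble IP fragments before inspection

  # IPS (inline) mode: eth1 and eth2 are bridged; each stanza names the
  # other interface as its copy target, so packets flow in both directions.
  - interface: eth1
    threads: auto
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips              # 'ips' honours drop rules; 'tap' forwards everything
    copy-iface: eth2
  - interface: eth2
    threads: auto
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips
    copy-iface: eth1
```

With `copy-mode: ips`, a packet that matches a drop rule is not forwarded to the peer interface; with `copy-mode: tap` Suricata forwards all traffic and only alerts.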