I recently added a bond interface to my Suricata install. When choosing the interfaces to monitor, the two physical interfaces as well as the bonded interface appear as options.
I also have VLANs, so prior to having the bond, I selected the physical interface, of which there was only one, and enabled promiscuous mode.
I’ve tested and selecting either both physical interfaces or the single bonded interface appears to work, but is there a preferred/better option of the two?
I’ve searched both the Suricata and OPNsense doco/forums but have been unable to find an answer. The only similar issue I’ve found relates to VLANs, where it says to select the physical interface, but I can’t find any mention of what to do with bonds.