Hi,
Sometimes, the suricata process was stopped when I run more than two Suricata processes for interfaces eth0 and eth1 (Suricata 6.0.4, Ubuntu20.04).
Can Suricata specifications allow more than two to run at the same time? (I know Suricata can watch multiple interface by one process. But, I want to run Suricata processes for each interface.)
Regards,
Multiple Suricata processes can run at the same time, provided you have enough memory.
You also need to make sure there is no conflict in files and directories. You’ll want to have each instance log to its own directory, if using the pid-file option, each instance should have its own pid-file. So if you run with the defaults for one instance, you’ll have to override those for another instance. Usually the log directory is enough.
Thank you for your reply. I will check these points.