Thanks for checking in. I’ve been running this for about three weeks now and have been pretty satisfied that I’ve done it correctly, but here are my files:
suricata.log (1.5 KB)
suricata.yaml (76.7 KB)
In this example I have 2 threads for PCAP processing (see the threading section at the bottom).