Unfortunately, i had no luck.
What i did is:
- In the
suricata.yamlfile i added themulti-detectsection. Then, I started suricata with--af-packetoption. - Changed the
suricata.yamlfile adding in theaf-packetsection the interface i wanted to start monitoring - Registered a new tenant using
suricatasc -c "register-tenant 1 tenant1.yaml", and i received this kind of message:{"message": "adding tenant succeeded", "return": "OK"} - Tried to send a packet in order to use the new interface, but in the
eve.jsonfile nothing refers to that interface.