Hi everyone, I want to make multiple instances of Suricata for multiple interfaces, but I don't know how to do it.
Currently I have a single instance, which has its own configuration file and logs folder.
I want to know how to make more instances so that each instance has its own configuration and logs folder.
Also, I want to know whether section 10.4 of the Suricata Read the Docs is related to this or not, as the commands do not work.
You can run multiple instances of Suricata on a single machine if you’d like.
Both the configuration file and the logging directory can be set on the command line: suricata -c /path/to/configuration-file -l /path/to/logging-directory
You can also specify the NIC interface: suricata -c /path/to/configuration-file -l /path/to/logging-directory --af-packet=enp3s0
Section 10.4 is for Suricata’s multi-tenancy support. What commands aren’t working as expected?
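The per-instance approach in the reply above (one process per interface, each with its own `-c` configuration and `-l` log directory), as an added example that is not code from the thread's participants or from the Suricata project. The directory layout, the `CONF_BASE`/`LOG_BASE` variables and the interface names `enp3s0`/`enp4s0` are assumptions made for the example; `--pidfile` and `-D` are real Suricata options added so that daemonised instances do not share one pid file.

```shell
#!/bin/sh
# Added example (not from the thread or from the Suricata project): run one
# independent Suricata process per capture interface, giving each its own
# configuration file, log directory and pid file so they never collide.
# Assumed (hypothetical) layout:
#   $CONF_BASE/<iface>/suricata.yaml   per-instance configuration
#   $LOG_BASE/<iface>/                 per-instance log directory
# Override SURICATA_BIN, CONF_BASE, LOG_BASE and INTERFACES in the environment.

SURICATA_BIN="${SURICATA_BIN:-suricata}"
CONF_BASE="${CONF_BASE:-/etc/suricata/instances}"
LOG_BASE="${LOG_BASE:-/var/log/suricata}"
INTERFACES="${INTERFACES:-enp3s0 enp4s0}"   # constructed sample interface names

# Print the command line for one interface. -c, -l and --af-packet are the
# options from the reply above; --pidfile is added so each daemonised instance
# writes its own pid file instead of the shared default path.
suricata_cmd() {
    iface="$1"
    printf '%s -c %s/%s/suricata.yaml -l %s/%s --af-packet=%s --pidfile %s/%s/suricata.pid\n' \
        "$SURICATA_BIN" "$CONF_BASE" "$iface" "$LOG_BASE" "$iface" \
        "$iface" "$LOG_BASE" "$iface"
}

# Verify that the instance has its own configuration and create its log
# directory. Returns 1 (without starting anything) when the config is missing,
# so a typo in INTERFACES cannot silently reuse another instance's file.
prepare_instance() {
    iface="$1"
    conf="$CONF_BASE/$iface/suricata.yaml"
    if [ ! -f "$conf" ]; then
        echo "prepare_instance: missing $conf" >&2
        return 1
    fi
    mkdir -p "$LOG_BASE/$iface" || return 1
    return 0
}

# Start every instance as a daemon (-D). Pass "dry-run" as the first argument
# to only print the command lines that would be executed.
launch_all() {
    mode="${1:-run}"
    for iface in $INTERFACES; do
        prepare_instance "$iface" || return 1
        cmd="$(suricata_cmd "$iface")"
        if [ "$mode" = "dry-run" ]; then
            echo "$cmd"
        else
            # Word splitting of $cmd is intentional (paths without spaces assumed).
            # shellcheck disable=SC2086
            $cmd -D || return 1
        fi
    done
    return 0
}

# Usage: sh multi_suricata.sh dry-run   (print)   |   sh multi_suricata.sh run
case "${1:-}" in
    dry-run|run) launch_all "$1" ;;
esac
```

Run with `dry-run` first to review the command lines; each instance's `suricata.yaml` should also point its unix socket and any absolute output paths at per-instance locations, otherwise two processes will still contend for the same files. Note that the `register-tenant` command from section 10.4 is a unix-socket command sent to one running Suricata through `suricatasc`, not a shell command, and multi-tenancy is a separate mechanism from running independent processes like this.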
Multi-detect is enabled; I guess it's not because of suricata.yaml.
It always shows "register tenant: command not found".
I can share the yaml if needed.