Hello! Can Suricata accept a mirrored stream using the GRE protocol? We want to configure mirroring with Cisco.
Suricata has a GRE decoder, so it will probably work. Definitely test carefully though.
Do you mean suricata/src/decode-gre.c at master · OISF/suricata · GitHub? Which folder should I put this file in? Could you write in more detail?
You don’t have to put it anywhere, if you build and install Suricata that will be included.
So the question is rather how did you build and/or install Suricata.
I installed from the site Download - Suricata Windows 64-bit installer: Suricata-7.0.2-1-64bit.msi
What am I doing wrong?
Could you elaborate on what you have tried to do, and what the results were?
We have Cisco, and we want to mirror traffic using the GRE protocol to Suricata. How should we configure it?
Cisco is a company, so which product do you have?
To which machine do you want to forward it?
We need more concrete details about the setup before we can help more.
Also read the Suricata User Guide — Suricata 8.0.0-dev documentation to get a first understanding on how Suricata works.
I don’t know the device model, but a network engineer knows, who can mirror traffic and send it to a Windows machine on which Suricata is installed.