Hi
I installed Suricata on Ubuntu and configured the YAML configuration file, where I set HOME_NET to my LAN IP and EXTERNAL_NET = “any”. Is this configuration correct for monitoring all my network traffic?
What is not working properly? How did you determine this?
My Suricata is connected through my LAN, which has an IP, and then I configured HOME_NET: “[192.168.6.0/24]” and EXTERNAL_NET: “!HOME_NET”, and set af-packet: - interface: my Suricata LAN interface name. This is my configuration. I need to monitor another LAN IP and its Internet activity, but the Suricata PC is not listening to this; it only listens to its own Internet traffic, not that PC's. I need your cooperation in this matter. Thank you.
You need to forward the traffic from the other machines. For example via a mirror port on your switch.
To verify if the traffic is received on the capture interface you can also run tcpdump for a test and see if you can also see those connections that you want to monitor.
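The tcpdump check suggested above, as an added example that is not part of the original thread: it counts captured packets that do not involve the sensor itself, so a result of 0 means no mirrored traffic is reaching the capture interface. The sensor address 192.168.6.5, the host 192.168.6.20, the function names and the sample capture lines are constructed; the broadcast test assumes the /24 from the question.

```shell
#!/bin/sh
# mirrored_packets SENSOR_IP
# Reads `tcpdump -nn` text on stdin and prints the number of IPv4 unicast
# packets where neither endpoint is SENSOR_IP. Real use (interface name is
# a placeholder):  tcpdump -nn -i <iface> -c 500 | mirrored_packets 192.168.6.5
mirrored_packets() {
    awk -v self="$1" '
        # Reduce "a.b.c.d.port:" or "a.b.c.d:" to the bare address.
        function ip_only(s,   o) {
            sub(/:$/, "", s)
            split(s, o, ".")
            return o[1] "." o[2] "." o[3] "." o[4]
        }
        $2 == "IP" && $4 == ">" {
            src = ip_only($3); dst = ip_only($5)
            split(dst, d, ".")
            # Broadcast (assumed /24) and multicast arrive without a mirror
            # port, so they prove nothing about forwarding: skip them.
            if (d[4] == 255 || (d[1] >= 224 && d[1] <= 239)) next
            if (src != self && dst != self) n++
        }
        END { print n + 0 }
    '
}

# Constructed capture: only the sensor's own flow, plus multicast and ARP.
sample_sensor_only() { cat <<'EOF'
10:15:01.100001 IP 192.168.6.5.40112 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
10:15:01.120455 IP 203.0.113.10.443 > 192.168.6.5.40112: Flags [S.], seq 9, ack 2, win 65535, length 0
10:15:02.000310 IP 192.168.6.20.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (33)
10:15:02.500000 ARP, Request who-has 192.168.6.1 tell 192.168.6.20, length 46
EOF
}

# Constructed capture: the same, plus another LAN host's Internet traffic.
sample_with_mirror() {
    sample_sensor_only
    cat <<'EOF'
10:15:03.000100 IP 192.168.6.20.51514 > 198.51.100.7.80: Flags [S], seq 5, win 64240, length 0
10:15:03.020900 IP 198.51.100.7.80 > 192.168.6.20.51514: Flags [S.], seq 7, ack 6, win 65535, length 0
10:15:03.400000 IP 192.168.6.20 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
EOF
}

echo "sensor only: $(sample_sensor_only | mirrored_packets 192.168.6.5)"
echo "with mirror: $(sample_with_mirror | mirrored_packets 192.168.6.5)"
```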
Thank you. Let me check and let you know.