Verify Suricata is using pf_ring?

jgs240 · May 27, 2020, 11:12am

Hello community!

I have built from source suricata and NTOP/pf_ring and run suricata using the following switches:

suricata -c /etc/suricata/suricata.yaml -D --pfring-int=ens1

Looking in stats.log for a pf_ring related line and I don’t see anything.

Should there be a pf_ring stats entry?
If not, is there another way to verify suricata is using pf_ring?

Jeff_Lucovsky · May 27, 2020, 11:59am

You can use suricatasc to query the run and capture mode of suricata:
suricatasc -c capture-mode /var/run/suricata/suricata-command.socket (note that the socket name is taken from suricata.yaml (if present). Otherwise, a default value is used.

jgs240 · May 27, 2020, 12:10pm

Perfect, that is it! Thank you!

Topic		Replies	Views
Suricata PF_RING in IPS mode Help	3	794	August 7, 2020
Seems parameters '--unix-socket' and '--af-apcket' are incompatible?	3	195	September 19, 2023
Configure Suricata in Bridge Mode [Suricata 6.0.8] Help suricata	4	1129	November 7, 2022
Suricata on BSD with PF firewall Help	1	675	April 1, 2022
Using Suricata to scan for attacks Help pfsense , community , rules , suricata	1	950	January 21, 2022

Verify Suricata is using pf_ring?

Related Topics