Verify Suricata is using pf_ring?

jgs240 · May 27, 2020, 11:12am

Hello community!

I have built from source suricata and NTOP/pf_ring and run suricata using the following switches:

suricata -c /etc/suricata/suricata.yaml -D --pfring-int=ens1

Looking in stats.log for a pf_ring related line and I don’t see anything.

Should there be a pf_ring stats entry?
If not, is there another way to verify suricata is using pf_ring?

Jeff_Lucovsky · May 27, 2020, 11:59am

You can use suricatasc to query the run and capture mode of suricata:
suricatasc -c capture-mode /var/run/suricata/suricata-command.socket (note that the socket name is taken from suricata.yaml (if present). Otherwise, a default value is used.

jgs240 · May 27, 2020, 12:10pm

Perfect, that is it! Thank you!

Topic		Replies	Views
Suricata Performance tuning Help	19	5721	November 24, 2020
Suricata 6.0.6 fails to compile with pf_ring 8 Help pfring , suricata	25	1856	September 22, 2023
Suricata PF_RING in IPS mode Help	5	901	June 7, 2024
Installing Suricata 6.0.1 with PF_RING on CentOS8 Guides community , centos	0	1565	January 28, 2021
Suricata 6 on PF_RING and Silicom Fiberblaze FPGA Help	9	2332	September 29, 2022

Verify Suricata is using pf_ring?

Related topics