I have installed suricata and have it up and running with default rules. Right now the input is from a mirror port from the trunk. I have several VLANs that I think would benefit from tenants. I have read through the documentation, but have not been successful at implementing.
I am not sure what the minimum required config is for a tenat. I have added the multi: to the suricata.yml and then have the tenant-x.yml files. The questions I have are:
- I get an error on startup saying that the rules file exists? Does this mean that each tenant needs it’s own rule file?
- What does a basic simple tenant-x.yml look like?