Project

General

Profile

Actions

Bug #1497

closed

confusing interface configuration

Added by god lol over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

In the .deb packages there are both /etc/default/suricata and /etc/suricata/suricata.yaml

First one has options IFACE and LISTENMODE but if "af-packet" is chosen as listen mode than IFACE option iscompletely ignored and the value from suricata.yaml is taken instead. With no error messages about options overlap etc.

This is highly confusing and a real nightmare to troubleshoot. Would be much, much better if interface to work could be configured in one single place only. Otherwise if such an option overlap detected than it have to be fatal error preventing suricata from starting at all instead of silently choosing potentially incorrect interface.

Actions

Also available in: Atom PDF