Commit a57d0e88 authored by Franco Fichtner's avatar Franco Fichtner

intrusion detection: undo previous, switch to --pcap=intX

parent 6223e0b5
{# Macro import #}
{% from 'OPNsense/Macros/interface.macro' import physical_interface %}
{% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %} {% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %}
suricata_opnsense_bootup_run="/usr/local/opnsense/scripts/suricata/setup.sh"
suricata_enable="YES" suricata_enable="YES"
suricata_opnsense_bootup_run="/usr/local/opnsense/scripts/suricata/setup.sh"
{% if OPNsense.IDS.general.ips|default("0") == "1" %} {% if OPNsense.IDS.general.ips|default("0") == "1" %}
suricata_netmap="YES" # IPS mode, switch to netmap
suricata_netmap=YES
{% else %} {% else %}
# IDS mode, pcap live mode # IDS mode, pcap live mode
suricata_flags="-D --pcap" {% set addFlags=[] %}
{% for intfName in OPNsense.IDS.general.interfaces.split(',') %}
{% if loop.index == 1 %}
{# enable first interface #}
suricata_interface="{{ physical_interface(intfName) }}"
{% else %}
{# store additional interfaces to addFlags #}
{% do addFlags.append(physical_interface(intfName)) %}
{% endif %}
{% endfor %}
{# append additional interfaces #}
suricata_flags="-D {%
for intf in addFlags
%} --pcap={{ intf }} {% endfor
%} "
{% endif %} {% endif %}
{% else %} {% else %}
suricata_enable="NO" suricata_enable="NO"
{% endif %} {% endif %}
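Review bot: The new IDS-mode loop calls `OPNsense.IDS.general.interfaces.split(',')` without the `helpers.exists('OPNsense.IDS.general.interfaces')` guard that the per-interface loop removed from the Suricata YAML section of this commit had. With an unset or empty interface list the template would either fail to render or emit `suricata_interface=""`, depending on how the engine treats the missing node. In both cases the sensor ends up not capturing on the intended interfaces without an obvious error, which is a silent monitoring gap. I would wrap the loop in `{% if helpers.exists('OPNsense.IDS.general.interfaces') %}` … `{% endif %}` and skip any name for which `physical_interface(intfName)` renders empty, so that no bare `--pcap=` flag is written. Which lines are the new side is inferred from the commit title, since the rendered page has lost the `+`/`-` markers.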
...@@ -748,12 +748,8 @@ logging: ...@@ -748,12 +748,8 @@ logging:
format: "[%i] <%d> -- " format: "[%i] <%d> -- "
pcap: pcap:
{% if helpers.exists('OPNsense.IDS.general.interfaces') %} - interface: default
{% for intfName in OPNsense.IDS.general.interfaces.split(',') %}
- interface: {{physical_interface(intfName)}}
promisc: {% if helpers.exists('OPNsense.IDS.general.promisc') and OPNsense.IDS.general.promisc|default('0') == '1' %}yes{% else %}no{% endif %} # promiscuous mode promisc: {% if helpers.exists('OPNsense.IDS.general.promisc') and OPNsense.IDS.general.promisc|default('0') == '1' %}yes{% else %}no{% endif %} # promiscuous mode
{% endfor %}
{% endif %}
pcap-file: pcap-file:
# Possible values are: # Possible values are:
......
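Review bot: The `- interface: default` entry is now the only place the `promisc` setting is rendered, and nothing in this file says where the capture interfaces come from. They appear to be supplied through `suricata_interface` and the `--pcap=` flags in the rc template changed by the same commit. I would document that coupling with a template comment above the entry, for example `{# capture interfaces are passed on the command line by the rc template; 'default' supplies their pcap settings #}`. If the `physical_interface` macro import in this file served only the removed loop it is now unused, but the top of the file is outside this hunk, so that needs checking.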