Should Suricata be monitoring traffic on the green interface?

Was moving a file from a local Windows machine to a Samba share on the NS server:

Suricata usage plummeted to almost nothing when the copy ended.

Is there a way to make Suricata only monitor the red interface?


Hello @EddieA,

I think it’s necessary to listen to the green interface, because you won’t see which LAN device is infected for instance if you only listen on red. Interfaces are defined in /etc/suricata/suricata.yaml.

There is another discussion about Suricata on LAN or WAN or both:
