mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 lines
1.0 KiB
ReStructuredText
43 lines
1.0 KiB
ReStructuredText
Endace DAG
|
|
==========
|
|
|
|
Suricata comes with native Endace DAG card support. This means Suricata can use the *libdag* interface directly, instead of a libpcap wrapper (which should also work).
|
|
|
|
Steps:
|
|
|
|
Configure with DAG support:
|
|
|
|
::
|
|
|
|
./configure --enable-dag --prefix=/usr --sysconfdir=/etc --localstatedir=/var
|
|
make
|
|
sudo make install
|
|
|
|
Results in:
|
|
|
|
::
|
|
|
|
Suricata Configuration:
|
|
AF_PACKET support: no
|
|
PF_RING support: no
|
|
NFQueue support: no
|
|
IPFW support: no
|
|
DAG enabled: yes
|
|
Napatech enabled: no
|
|
|
|
|
|
Start with:
|
|
|
|
::
|
|
|
|
suricata -c suricata.yaml --dag 0:0
|
|
|
|
|
|
Started up!
|
|
|
|
::
|
|
|
|
|
|
[5570] 10/7/2012 -- 13:52:30 - (source-erf-dag.c:262) <Info> (ReceiveErfDagThreadInit) -- Attached and started stream: 0 on DAG: /dev/dag0
|
|
[5570] 10/7/2012 -- 13:52:30 - (source-erf-dag.c:288) <Info> (ReceiveErfDagThreadInit) -- Starting processing packets from stream: 0 on DAG: /dev/dag0
|