Suricata config: add support to listen of several interfaces

Signed-off-by: KheOps <kheops@ceops.eu>
equalitie · Mar 16, 2015 · 24164f7 · 24164f7
1 parent a67c82d
commit 24164f7
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/roles/common/templates/suricata.yaml.j2 b/roles/common/templates/suricata.yaml.j2
@@ -32,12 +32,16 @@ outputs:
 magic-file: /usr/share/file/magic
 
 af-packet:
-  - interface: {{ monitored_interface }}
+{% set clusterid = 99 %}
+{% for ifcap in monitored_interfaces %}
+  - interface: {{ ifcap }}
     threads: 1
-    cluster-id: 99
+    cluster-id: {{ clusterid }}
     cluster-type: cluster_flow
     defrag: yes
     use-mmap: yes
+{% set clusterid = clusterid - 1 %}
+{% endfor %}
 
 legacy:
   uricontent: enabled