I'm trying to set up packet capture for Suricata IDS/IPS monitoring. I want to capture all incoming WAN traffic from ether1 and mirror it to ether6, which connects to my Suricata VM.
Current setup:
RouterOS: 7.11.2
Device: L009UiGS-2HaxD
WAN port: ether1
Suricata VM connection: ether6
I've configured the basic packet sniffer settings:
Memory Limit: 100MB
Streaming Enabled: Yes
Port: 37008
Filter Stream: Enabled
MAC Protocol: ip
Issue:
I need help setting up the actual capture rule to mirror traffic from ether1 to ether6. I'm using WebFig interface and cannot locate where to add the specific capture rule that would be equivalent to this CLI command
/tool packet-sniffer
add interface=ether1 interface-matched=ether6 memory-limit=100 direction=in
Re: How to configure Packet Sniffer for IDS: Mirroring ether1 to ether6 for Suricata monitoring in WebFig
hello,
you can use winbox, go to switch menu, and mirror your monitored port to suricata port.
https://help.mikrotik.com/docs/spaces/R ... p+Features
you can use winbox, go to switch menu, and mirror your monitored port to suricata port.
https://help.mikrotik.com/docs/spaces/R ... p+Features
Re: How to configure Packet Sniffer for IDS: Mirroring ether1 to ether6 for Suricata monitoring in WebFig
i already tried this and its not enough because switch only mirrors arp , and i need tcp or udp ( ip )hello,
you can use winbox, go to switch menu, and mirror your monitored port to suricata port.
https://help.mikrotik.com/docs/spaces/R ... p+Features
Who is online
Users browsing this forum: No registered users and 5 guests