The mirrored traffic will retain their VLAN tags and Suricata can parse these tags.
I’m not sure how far down this path you’ve gone, but suricata will not automatically correlate primitives into actual alerts from different vlans without transforms, which are cpu-intensive for what they do.
You may want to pull your tap/span/mirror from a point where they converge, like internal side of network egress.
How did you monitor your vlans with suricata? I have enough trouble tuning a couple subnets, never mind tuning for correlation between 3 or 4. This assumes you have different subnets per vlan, of course.
Btrfs and ZFS do online defrag
News to me for ZFS. Are you talking about the recently implemented rewrite? Because “defrag” isnt really what that does, it simply consolidates metaslab data to (possibly) free up low-use blocks.
Using ZFS fragmentation profile import/export and/or enabling dynamic gang headers can certainly help with high fragmentation.
deleted by creator
From my perspective
Are you aware that I don’t have your perspective?
I wanted to know more about your project, from your own words. Instead I got a lecture about how “dumb” I am, so I’m no longer interested, because you seem like a jerk. Whether that was intensional or is coming from an ill-adapted social outlook, I’m still not sure of.
You seem to care more about being correct than talking about your project, which is your choice, I suppose.
I’d close this with a glib sign-off like “have a nice day”, but I’m not sure having a nice day is within your array of skills.
Agreed. I’ve seen 172 addresses self-assigned before, even though the apipa spec says it should be 169.254.x.x.
Easynews and nzbgeek.
Well worth the 30euro each per year.
Am I about to make a mistake?
Probably not. I’ve been a longtime Linux user/admin and I like to get under the hood with storage and networking.
Nothing wrong with proxmox at all, I used it for almost a decade.
You can get creative with Linux.
Regarding alpine, be prepared to find differences from glibc and systemd distros in places you don’t expect. PHP (god forbid you should need it) is a right mess on alpine. Mongodb will not work on alpine. Stuff like that.
I may take some challenge on this, but the tcpip stack seems faster on alpine than in debian, at least in my use cases.
Proxmox has a lot of tools I don’t need and I didn’t like how proxmox manages storage. Now I use Incus, mostly because incus doesn’t care about your storage back-end, networking, etc.
It’s not that obvious on Voyager, but hey, thanks for being passive aggressive about it.
No fdroid? Compliance too onerous now?
You gonna tell us what we’re looking at here?
I don’t use proxmox anymore, but it certainly needed a proper dashboard for basic metrics.
But the field can contain anything at all, so if anonymity is the goal, you can still have that.
This dialog isn’t asking for a legal name, it’s just suggesting using your real name because that’s a pretty normal thing.
It’s always been thus, tho, I think?
Seems like our times are troubled enough that identity is become a powderkeg issue, which I can understand.
But I don’t think Debian is forcing us to inscribe our legal names here.
I don’t get it.
I used to use Plex and now use jellyfin, not so much because one has features the other doesn’t, but because XBMC became what they said they never would be. That’s going back a ways, but I just saw the writing on the wall a few years ago that Plex had stopped caring about free users, and I was an admittedly free user.
People focus on monetary cost, but there is a price to Jellyfin, which is that you’re on your own with all the plumbing. I’m OK with that, but I can see why someone wouldn’t want to faf about with it.
Jellyfin will one day become what Plex is now, that’s the cycle of things.
Joy and utility.
Plus, there’s something for everyone.
Oh, yeah, absolutely. Suricata was created not long after snort, in the days when an ids did the gathering and the correlation.
You’re totally right, the way most people and orgs do it today is to ship ids logs to a siem for the correlation, overall easier to manage. ELK is the go-to for most, not sure about wazuh, I’ve only seen it in the homelab space, but it might work.
There is a distro (not totally open source) called SELKS, which sets up suricata, elastic and some other tooling (kibana) in a commonly-used setup. I deploy it a lot because it saves time with the non-security setup with dB’s and such. Pretty easy to point syslog to it and you can see alerts right away and start tuning.
I’m envious of your position, I learned a lot setting this stuff up.