---
title: "Fix Suricata to capture real traffic: move to host networking"
date: 2026-02-14T15:56:36+01:00
draft: false
tags: ["commit", "bojemoi", "fix", "stack"]
categories: ["Git Activity"]
summary: "Commit c7af3a7 par Betty — 4 fichier(s) modifié(s)"
author: "Betty"
---

## Commit `c7af3a7`

| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `c7af3a7340b2fdd15e343132ce4f4f81b5692bc9` |
| **Date** | 2026-02-14 |

### Description

Suricata in Docker Swarm overlay network saw 0 packets (monitoring virtual VXLAN interface). Move to standalone docker compose with network_mode: host for real eth0 packet capture. Suricata-exporter stays in Swarm (reads socket/logs via bind mounts).

Also filter private/reserved IPs (RFC1918, multicast, broadcast) from Dozor threat feeds to prevent false positives on internal Docker traffic.

Co-Authored-By: Claude Opus 4.6

### Modified files

```
M dozor/dozor/feeds.py
M scripts/startover.sh
M stack/01-service-hl.yml
A stack/01-suricata-host.yml
```

### Statistics

```
4 files changed, 59 insertions(+), 48 deletions(-)
```
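The feed filtering the commit message describes, as an added example that is not bojemoi's `dozor/dozor/feeds.py`: it drops RFC1918, multicast, broadcast and other non-routable indicators with Python's `ipaddress` module before they can match internal Docker traffic. The one-indicator-per-line feed format and the sample entries are constructed assumptions.

```python
"""Drop non-routable IPs from a threat feed (added example, not the bojemoi project's code)."""
import ipaddress
from typing import Iterable, List


def is_routable_indicator(value: str) -> bool:
    """True only for a public, globally routable unicast IP address or network.

    Rejects RFC1918 and other private space, loopback, link-local, multicast,
    the limited broadcast address, unspecified/reserved ranges, CGNAT shared
    space (100.64.0.0/10) and anything that does not parse as an IP.
    """
    try:
        net = ipaddress.ip_network(value.strip(), strict=False)
    except ValueError:
        return False  # domain, hash or junk line: not an IP indicator
    # is_global alone is not enough on older Pythons: multicast and reserved
    # space are not "private", so check those flags explicitly.
    if net.is_multicast or net.is_reserved or net.is_loopback or net.is_link_local:
        return False
    if net.is_private or net.is_unspecified:
        return False
    return net.is_global


def filter_feed(lines: Iterable[str]) -> List[str]:
    """Keep only public indicators; skip blanks, '#' comments and non-routable entries."""
    kept: List[str] = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # first whitespace-separated field
        if fields and is_routable_indicator(fields[0]):
            kept.append(fields[0])
    return kept


# Constructed sample feed mixing public indicators with internal Docker/overlay space.
SAMPLE_FEED = """\
# constructed sample, not a real feed
1.1.1.1
10.0.1.23        # Docker bridge, RFC1918
172.18.0.0/16    # Docker overlay subnet range, RFC1918
192.168.1.10
169.254.10.1     # link-local
224.0.0.251      # mDNS multicast
255.255.255.255  # limited broadcast
100.64.0.1       # CGNAT shared space
9.9.9.0/24
2001:db8::1      # IPv6 documentation range
fe80::1
not-an-ip.example
8.8.8.8 extra-column
"""

if __name__ == "__main__":
    print(filter_feed(SAMPLE_FEED.splitlines()))  # ['1.1.1.1', '9.9.9.0/24', '8.8.8.8']
```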