One-shot import of all bojemoi repo commits as Hugo posts. Each post includes metadata, files changed, and diff stats. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.1 KiB
| title | date | draft | tags | categories | summary | author |
|---|---|---|---|---|---|---|
| Fix Suricata to capture real traffic: move to host networking | 2026-02-14T15:56:36+01:00 | false | | | Commit c7af3a7 by Betty, 4 file(s) modified | Betty |
Commit c7af3a7
| Field | Value |
|---|---|
| Repository | bojemoi |
| Branch | main |
| Author | Betty |
| Hash | c7af3a7340b2fdd15e343132ce4f4f81b5692bc9 |
| Date | 2026-02-14 |
Description
Suricata in the Docker Swarm overlay network saw 0 packets (it was monitoring the virtual VXLAN interface). Move to a standalone docker compose service with network_mode: host for real eth0 packet capture. Suricata-exporter stays in Swarm (reads the socket/logs via bind mounts).
Also filter private/reserved IPs (RFC 1918, multicast, broadcast) out of the Dozor threat feeds to prevent false positives on internal Docker traffic.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Modified files
M dozor/dozor/feeds.py
M scripts/startover.sh
M stack/01-service-hl.yml
A stack/01-suricata-host.yml
Statistics
4 files changed, 59 insertions(+), 48 deletions(-)
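The feed-filtering half of this commit is the part worth seeing in code: once Suricata captures on the real eth0 via host networking, any indicator in a threat feed that matches an RFC 1918, link-local, multicast or broadcast address will fire on ordinary Docker bridge/overlay chatter. The block below is an added example written for this post, not the project's `dozor/dozor/feeds.py`. It assumes a feed is a list of raw lines holding one IP or CIDR each, with `#` comments allowed; that line format, the `filter_feed`/`is_non_routable` names and the sample feed are all assumptions for illustration. It checks explicit ranges rather than relying on `ipaddress`'s `is_private` flags, whose exact membership varies between Python versions.

```python
"""Drop private/reserved indicators from a threat feed before they reach Suricata.

Added example, not the bojemoi project's own dozor/dozor/feeds.py. Feed format
(one IP or CIDR per line, '#' comments) and function names are assumptions.
"""
import ipaddress
from typing import Iterable, List, Optional, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Ranges that are internal or non-routable by definition. An indicator inside
# any of them can only ever match local Docker/LAN traffic, so it is noise.
NON_ROUTABLE: List[Net] = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918
    "172.16.0.0/12",    # RFC 1918 (Docker's default bridge/overlay pools live here)
    "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",    # RFC 6598 carrier-grade NAT
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "224.0.0.0/4",      # multicast
    "240.0.0.0/4",      # reserved; includes the 255.255.255.255 limited broadcast
    "::1/128",          # IPv6 loopback
    "fc00::/7",         # IPv6 unique local
    "fe80::/10",        # IPv6 link-local
    "ff00::/8",         # IPv6 multicast
)]


def is_non_routable(net: Net) -> bool:
    """True if the whole indicator lies inside one of the NON_ROUTABLE ranges."""
    return any(net.subnet_of(r) for r in NON_ROUTABLE if r.version == net.version)


def parse_indicator(line: str) -> Optional[Net]:
    """Turn one feed line into an ip_network; None for blanks, comments or junk."""
    token = line.split("#", 1)[0].strip()
    if not token:
        return None
    try:
        # strict=False accepts host bits set in a CIDR ("10.0.1.7/24") and
        # bare addresses, which become /32 or /128 networks.
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None


def filter_feed(lines: Iterable[str]) -> List[str]:
    """Keep only publicly routable indicators, in canonical CIDR form."""
    kept: List[str] = []
    for line in lines:
        net = parse_indicator(line)
        if net is None or is_non_routable(net):
            continue
        kept.append(str(net))
    return kept


# Constructed sample feed for the example; not a real threat feed.
SAMPLE_FEED = """
# example feed
198.51.100.23
10.0.1.7           # Docker overlay peer, would false-positive on every flow
172.18.0.0/16      # a docker bridge subnet
192.168.1.0/24
224.0.0.251        # mDNS multicast
255.255.255.255    # limited broadcast
203.0.113.0/24
2001:db8::1
fe80::1
not-an-ip
""".strip().splitlines()

if __name__ == "__main__":
    for indicator in filter_feed(SAMPLE_FEED):
        print(indicator)
```

On the sample feed only the three routable entries survive; the RFC 1918 hosts, the Docker bridge subnet, the multicast and broadcast addresses and the IPv6 link-local address are dropped before anything is handed to the IDS. Running the filter at feed-ingest time, rather than suppressing alerts afterwards, also keeps the generated rule set smaller.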