OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: nwabytes on February 19, 2020, 07:00:45 pm

Title: Help me understand suricata
Post by: nwabytes on February 19, 2020, 07:00:45 pm
I'm coming from pfSense; I really like everything I see with OPNsense. I have one issue, and it's Suricata.
I've tried bare metal and virtualization; I can't seem to get it working.
I'm used to seeing alerts and blocks. With OPNsense there's never anything in alerts. I've read over the forums and disabled the Snort rules. Here are my logs as of now.

Code:
2020-02-19T11:42:52 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:40:15 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:40:15 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:37:27 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:37:27 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:34:53 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:33:15 suricata[4136]: [100381] <Notice> -- all 4 packet processing threads, 4 management threads initialized, engine started.
2020-02-19T11:31:35 suricata: [100381] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-02-19T11:31:35 suricata: [100174] <Notice> -- This is Suricata version 4.1.6 RELEASE
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0+': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- Signal Received. Stopping engine.
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2020-02-19T11:30:23 suricata: [100462] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-02-19T11:30:23 suricata: [100107] <Notice> -- This is Suricata version 4.1.6 RELEASE
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1+': pkts: 1611, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1': pkts: 2052, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Signal Received. Stopping engine.
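An added diagnostic example, not part of the original post: the "Stats for" lines Suricata prints at shutdown give a per-interface packet count, and an engine run whose interfaces processed zero packets cannot raise alerts whatever rules are enabled. This script embeds the quoted stop lines as a constructed sample, groups the counts by engine run (the PID in brackets) and flags interfaces that saw no traffic.

```python
import re
from collections import defaultdict

# Constructed sample: the shutdown statistics lines quoted in the post above,
# two engine runs (PIDs 29109 and 83230), newest first as the forum shows them.
SAMPLE_LOG = """\
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0+': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- Signal Received. Stopping engine.
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1+': pkts: 1611, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1': pkts: 2052, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Signal Received. Stopping engine.
"""

# Matches the per-interface stats line; the PID identifies one engine run.
STATS_RE = re.compile(
    r"suricata\[(?P<pid>\d+)\].*Stats for '(?P<iface>[^']+)': "
    r"pkts: (?P<pkts>\d+), drop: (?P<drop>\d+)"
)


def parse_interface_stats(log_text):
    """Return {pid: {iface: (pkts, drop)}} from Suricata shutdown stats lines."""
    runs = defaultdict(dict)
    for line in log_text.splitlines():
        m = STATS_RE.search(line)
        if m:
            runs[m["pid"]][m["iface"]] = (int(m["pkts"]), int(m["drop"]))
    return dict(runs)


def idle_interfaces(log_text):
    """(pid, iface) pairs whose run processed zero packets on that interface.

    An empty alert list on such a run points at the interface binding or at
    the absence of traffic on it, not at the rule set.
    """
    idle = []
    for pid, ifaces in parse_interface_stats(log_text).items():
        for iface, (pkts, _drop) in ifaces.items():
            if pkts == 0:
                idle.append((pid, iface))
    return sorted(idle)


if __name__ == "__main__":
    for pid, iface in idle_interfaces(SAMPLE_LOG):
        print(f"run {pid}: interface {iface} processed 0 packets")
```

Run it against /var/log/suricata.log (or the log copied from the OPNsense GUI) in place of the sample to see which run and interface never saw a packet.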