Hi, I seem to have some issues with Suricata. Currently I'm on the latest OPNsense with the netmap kernel, and I also have Sensei installed on it.
Suricata seems to generate alerts, I see some scan attempts on my open ports on the WAN side, but I also have a few rules enabled where I would expect Suricata to alert and block the connection. In the emerging-info rules there is a rule enabled for a visit to http://www.whatismyip.com. Visiting this website should be blocked and alerted by Suricata, but there is no alert... Regarding this, I only have Suricata enabled on my WAN interface... since I also have Sensei enabled, if I also enable Suricata on my LAN, the Suricata service seems to crash.
How/where/what log can I check to see if Suricata is doing anything?
Thanks!
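An added example (not from the original post, OPNsense or Suricata) showing one way to answer the "which log" question: it reads Suricata's EVE JSON log and summarises alert records per interface, signature and action, so you can see whether a given rule fired and whether IPS mode actually blocked it. The sample log lines, interface names and signature ids are constructed, and `/var/log/suricata/eve.json` is assumed to be the log path.

```python
import json
import sys

# Constructed sample EVE records (not from the poster's system; sids are placeholders).
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","in_iface":"vtnet0","src_ip":"203.0.113.5","dest_ip":"198.51.100.2","proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"ET SCAN sample port scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"flow","in_iface":"vtnet0","src_ip":"10.0.0.1","dest_ip":"198.51.100.2","proto":"TCP"}
not a json line (log rotation garbage)
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","in_iface":"vtnet1","src_ip":"192.168.1.10","dest_ip":"198.51.100.9","proto":"TCP","alert":{"action":"blocked","signature_id":9000002,"signature":"ET INFO sample external IP lookup","category":"Potential Corporate Privacy Violation","severity":3},"http":{"hostname":"www.whatismyip.com"}}
"""


def parse_alerts(lines):
    """Yield only event_type == 'alert' records; skip blank or non-JSON lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") == "alert":
            yield ev


def summarize(lines, needle=None):
    """Count alerts per (interface, signature, action).

    If `needle` is given, keep only alerts whose signature name or HTTP
    hostname contains it (case-insensitive), e.g. "whatismyip".
    """
    counts = {}
    for ev in parse_alerts(lines):
        alert = ev["alert"]
        host = ev.get("http", {}).get("hostname", "")
        if needle and needle.lower() not in (alert["signature"] + " " + host).lower():
            continue
        key = (ev.get("in_iface", "?"), alert["signature"], alert.get("action", "?"))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: python eve_summary.py [/var/log/suricata/eve.json] [needle]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    needle = sys.argv[2] if len(sys.argv) > 2 else None
    src = open(path, encoding="utf-8") if path else SAMPLE_EVE.splitlines()
    for (iface, sig, action), n in sorted(summarize(src, needle).items()):
        print(f"{iface:8} {action:8} {n:5}  {sig}")
```

An alert with action "allowed" means the rule is in alert-only mode (or IPS mode is off on that interface); only "blocked" shows Suricata dropped the traffic.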
You can't run Sensei and Suri on the same NIC.
Same NIC, you mean WAN / LAN or physical NIC? (I have 2 LAN ports on my NIC.) Sensei is running on LAN+VLANs and Suricata is running on WAN.