Since some time ago my OPNsense box is always giving two lines with identical info when someone is triggered by the IDS/IPS.
I run IDS/IPS only on my LAN interface and have 11 rule sets enabled.
Any hint is appreciated.
/Helle
Hi
Suricata is not using the drop.log file any more.
"drop" events go into the eve.json file.
Since the OPNsense suricata.yaml contains

    - drop:
        alerts: yes

it generates two strings in the log.
The drop event contains some additional debug info about the blocked packet,
but maybe it would be nice to add the ability to disable this option.
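
An added example, not part of the original post and not OPNsense's own code: a Python filter that collapses the alert/drop pair described above into one entry when reading eve.json, keeping the extra packet info from the drop record. The sample records are constructed, and pairing the two records on timestamp, flow_id and signature_id is an assumption about how the duplicates line up.

```python
import json

# Constructed sample of eve.json lines: one blocked packet logged twice
# (alert + drop carrying the same alert), an alert-only event, and a bad line.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000100+0000","flow_id":111,"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"action":"blocked","signature_id":2000001,"signature":"EXAMPLE rule A"}}
{"timestamp":"2024-01-01T10:00:00.000100+0000","flow_id":111,"event_type":"drop","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","drop":{"len":60,"ttl":64},"alert":{"action":"blocked","signature_id":2000001,"signature":"EXAMPLE rule A"}}
{"timestamp":"2024-01-01T10:00:05.000000+0000","flow_id":222,"event_type":"alert","src_ip":"192.0.2.11","dest_ip":"198.51.100.5","alert":{"action":"allowed","signature_id":2000002,"signature":"EXAMPLE rule B"}}
not-json line
"""

def pair_key(rec):
    """Assumed identity of one IDS hit: packet timestamp, flow and rule."""
    alert = rec.get("alert") or {}
    return (rec.get("timestamp"), rec.get("flow_id"), alert.get("signature_id"))

def collapse(lines):
    """Merge alert/drop records describing the same hit into one dict."""
    merged = {}          # pair_key -> combined record, insertion ordered
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue     # truncated or partially written lines are skipped
        if rec.get("event_type") not in ("alert", "drop") or "alert" not in rec:
            continue     # other event types, or drops with no alert attached
        entry = merged.setdefault(pair_key(rec), {**rec, "dropped": False})
        if rec["event_type"] == "drop":
            entry["dropped"] = True
            entry["drop"] = rec.get("drop", {})   # keep the extra packet info
    return list(merged.values())

if __name__ == "__main__":
    for e in collapse(SAMPLE_EVE.splitlines()):
        state = "dropped" if e["dropped"] else "alerted"
        print(e["timestamp"], e["alert"]["signature"], state)
```
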
Ok, thanks for the explanation.
It makes the log look bad but now I know it is not something that is wrong with my system.
/Helle