OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: crissi on August 04, 2021, 02:11:38 pm

Title: 21.7 fresh Install, cannot get suricata to notify and or block
Post by: crissi on August 04, 2021, 02:11:38 pm
Hello,
I'm trying to get Suricata to work (notify and/or block), but it seems I'm doing something wrong here, as I can download EICAR test files without getting notified and/or blocked.

I did the following setup:

1.   Services – Intrusion Detection – Administration

2.   Intrusion Detection – Download

3.   Intrusion Detection – Policy


What am I doing wrong here? Am I missing something?

Thanks
Best regards
Crissi
Title: Re: 21.7 fresh Install, cannot get suricata to notify and or block
Post by: crissi on August 05, 2021, 09:18:08 pm
Can someone here give me a hint?

Thx
Title: Re: 21.7 fresh Install, cannot get suricata to notify and or block
Post by: crissi on August 09, 2021, 02:49:40 pm
Updated to Sense 21.7.1 and enabled Suricata again; this time, to test, just IDS is enabled. Under Home Networks I also added the 192.168.1.0/24 network; offloading and VLAN support are disabled.

Tried with the WAN and also with just the LAN interface; not even IDS is working, no alerts are created.

I get an SC_WARN_FLOWBIT(306) error in the log.

Any idea?

Thx