Have done four new OPNsense installs on an APU board and a Protectli Vault, and still can't get Suricata to reliably throw alerts. It was working briefly last week and then it stopped again. Currently have only the OPNsense eicar test rule installed, activated IDS on LAN interface only (per setup instructions in Deciso docs and the OIS-Suricata Youtube video) but no alerts thrown when downloading EICAR test file.
What am I doing wrong? Any help greatly appreciated.
Jay