I have just switched ISP to a pppoe fiber connection.
I noticed that it looks like suricata is no longer working / getting alerts in the log. I have suricata on WAN and zenarmor on LAN
I have tried Promiscuous mode enabled and disabled, but no difference.
Does somebody knows how to make suricata to work again? What settings do I have to change? Or is suricata still not available on pppoe ?
IPS doesn't work with PPPoE, Only IDS works.
Thanks for your reply. That's a big bummer. Hopefully it will be added, first posts about this was years ago, so i was hoping that it was resolved.
For de IDS to work with pppoe, must I have Promiscuous mode enabled?
i don't know if you need to enabled it, but on my system its enabled and Suricata works fine on a PPPoE connection
thnx, I have Promiscuous enabled and have IDS working.
now hoping that IPS is coming to suricata / opnsense someday soon for PPPOE :-0
@annoniempjuh I just noticed something strange, and I am wondering if you are seeing the same.
In the suricata Alerts log, i see the triggered events, but in stead of them being blocked it says "allowed" ???
When i click on info it says: Configured action "enabled" and Drop.
So how to check if it is a alert log error on pppoe or that the events actually not being dropped but allowed?
Are you seeing the same?
IDS means, its only detecting it, not blocking.
Blocking only happens with IPS..
IPS: intrusion prevention system
IDS: intrusion detection system
Ah, of course it is.... thnx.
Well than the only part left is waiting for Suricata to support pppoe
it's in netmap, not suricata.
Suricata and Zenarmor use netmap
yeah its netmap or Suricata and Zenarmor being able to run both/together on the LAN