Hello,
After we updated two opnsense installations from different versions to 22.10, suricata doesn't alert/drop packets anymore.
Before the updates, both installations had suricata running in IPS mode with no problems.
We used VLANs as interfaces (not the WAN interface).
After it stopped working, I tested switching to the parent interface with promiscuous mode enabled.
I even reinstalled suricata and only enabled the opnsense/test rule for eicar.
When I do a test download of the eicar file, the IDS is doing nothing.
Is there something else I can do?
We have now also tested the different pattern matchers, but without success.
Does anyone have another idea?