Coming from pfSense, I am having trouble getting the IDS working.
I have not gotten any alerts on the WAN, and a few on the LAN. I tried several different pattern matchers, promisc / non-promisc, policies and rule enablements, but there are no or only a few alerts in the log.
Also, the EICAR test was not successful. Neither an alert nor blocking.
I also have never seen any alerts no matter how I configure the system, Suricata alone on a test install or with other plugins.
Does anyone using IDS/IPS actually have it working properly showing alerts? Does anyone actually use IDS/IPS on OPNsense?
I wound up installing an IPFire system on the edge before the OPNsense system and Suricata is working just fine on that system.