OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: SecAficionado on March 13, 2018, 12:59:53 am

Title: Need help with 18.1.4 Suricata changes
Post by: SecAficionado on March 13, 2018, 12:59:53 am
Hi,

After the 18.1.4 update, Suricata complains about syslogd. The log tab under IPS has never shown any entries other than "/var/log/suricata.log yielded no results". However, now I am getting an error with red letters!

In the release notes there is an item:
* intrusion detection: proper syslog with drops, requires log file reset

Are the two items related? Any directions on how to help Suricata use /var/log/suricata.log and how to reset the log file are welcome.

Thanks!

Title: Re: Need help with 18.1.4 Suricata changes
Post by: franco on March 14, 2018, 06:31:13 pm
What's your red letter alert if you don't mind sharing?

Yes, reset the IDS log file and enable Syslog mode in IDS settings.


Cheers,
Franco