Intrusion Detection and Prevention / [Howto] Download and analyze interesting Suricata logs?
« on: October 27, 2022, 07:02:39 am »
Hello,
I've got IDS/Suricata running with all rules enabled for the last few months, with a couple of warnings about protocols, DNS etc., but nothing really suspicious. Last week I found a couple hundred log entries with UDP packets over NAT to a country I normally don't send packets to, with additional incoming TCP traffic from the same country but a different IP.
Question 1: How do I export the logs with payload in a usable format?
Question 2: Is there a tool that can analyze/fingerprint the stream of packets?
Have a nice day and thank you for reading!
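Added example (not from the original post): a small Python script that reads Suricata EVE JSON alert lines, decodes the base64 `payload` field, and tallies alerts per peer so the repeated destination stands out. It assumes payload logging is enabled in the eve-log alert output; the sample records are constructed here, not taken from the poster's system.

```python
import base64
import json
from collections import Counter

def _alert(ts, src, dst, dport, proto, sig, payload=b""):
    """Build one constructed EVE alert line (sample data, not real traffic)."""
    rec = {"timestamp": ts, "event_type": "alert", "src_ip": src, "src_port": 51000,
           "dest_ip": dst, "dest_port": dport, "proto": proto,
           "alert": {"signature_id": 2000001, "signature": sig, "severity": 3}}
    if payload:  # Suricata only emits "payload" when payload logging is on
        rec["payload"] = base64.b64encode(payload).decode("ascii")
    return json.dumps(rec)

# Constructed sample eve.json: repeated outbound UDP alerts to one host, one
# inbound TCP alert from another, one alert without payload, one flow record.
SAMPLE_EVE = "\n".join([
    _alert("2022-10-20T10:00:01+0200", "192.168.1.20", "203.0.113.10", 5060, "UDP",
           "Sample: SIP REGISTER", b"REGISTER sip:example.com SIP/2.0\r\n"),
    _alert("2022-10-20T10:00:02+0200", "192.168.1.20", "203.0.113.10", 5060, "UDP",
           "Sample: SIP REGISTER", b"REGISTER sip:example.com SIP/2.0\r\n"),
    _alert("2022-10-20T10:00:05+0200", "203.0.113.77", "192.168.1.20", 22, "TCP",
           "Sample: inbound SSH banner", b"SSH-2.0-OpenSSH_8.9\r\n"),
    _alert("2022-10-20T10:00:07+0200", "192.168.1.20", "203.0.113.10", 5060, "UDP",
           "Sample: no payload logged"),
    json.dumps({"timestamp": "2022-10-20T10:00:08+0200", "event_type": "flow",
                "src_ip": "192.168.1.20", "dest_ip": "203.0.113.10", "proto": "UDP"}),
])

def parse_alerts(eve_text):
    """Return alert records with the payload decoded to bytes under payload_bytes.
    Other event types are skipped; alerts logged without payload get empty bytes."""
    alerts = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        rec["payload_bytes"] = base64.b64decode(rec.get("payload", ""))
        alerts.append(rec)
    return alerts

def count_by_peer(alerts):
    """Tally alerts per (proto, src_ip, dest_ip) so the repeated peers stand out."""
    return Counter((a["proto"], a["src_ip"], a["dest_ip"]) for a in alerts)

def printable(payload):
    """Render payload bytes like a hex dump's ASCII column: non-printables become '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in payload)
```

The decoded `payload_bytes` can be written to one file per alert and fed to a protocol analyzer or strings/hex tool; `printable()` gives a quick first look without leaving the shell.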