Messages - nwabytes

#1
I'm coming from pfSense, and I really like everything I see with OPNsense. I have one issue, and it's Suricata.
I've tried bare metal and virtualization, and I can't seem to get it working.
I'm used to seeing alerts and blocks. With OPNsense there is never anything in alerts. I've read over the forums and disabled the Snort rules. Here are my logs as of now.

2020-02-19T11:42:52 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:40:15 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:40:15 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:37:27 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:37:27 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:34:53 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:33:15 suricata[4136]: [100381] <Notice> -- all 4 packet processing threads, 4 management threads initialized, engine started.
2020-02-19T11:31:35 suricata: [100381] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-02-19T11:31:35 suricata: [100174] <Notice> -- This is Suricata version 4.1.6 RELEASE
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0+': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- Signal Received. Stopping engine.
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2020-02-19T11:30:23 suricata: [100462] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-02-19T11:30:23 suricata: [100107] <Notice> -- This is Suricata version 4.1.6 RELEASE
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1+': pkts: 1611, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1': pkts: 2052, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Signal Received. Stopping engine.