Messages - marcus

#1
I'm trying to make sure that my test processes are being conducted correctly.

I've been monitoring the suricata process with top from a root shell and I've noticed that it is still quite busy after the Web UI has shown that things like saving or applying settings have completed, or after the box beeps the speaker to signal that it's finished booting.

I've had no luck finding an answer to this with a web search.

Is the log file a reliable indicator?

Thanks -
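As an added example (not code from the poster or from the Suricata project), the script below combines the two indicators the post asks about: it samples the process's CPU ticks from /proc/<pid>/stat over a short window, and it classifies the most recent startup/reload marker in suricata.log. It assumes a Linux-style /proc (a FreeBSD-based firewall would need ps instead), the default log path /var/log/suricata/suricata.log, and that the strings "engine started", "rule reload starting" and "rule reload complete" are what this Suricata version writes at the end of startup, the start of a rule reload and the end of a rule reload; check them against your own log before relying on them. The sample log lines in demo_log are constructed for offline testing and are not real output.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: Linux /proc, the
# default suricata.log location, and the marker strings listed in ready_state.

SURICATA_LOG=${SURICATA_LOG:-/var/log/suricata/suricata.log}

# Total CPU ticks (user + system) consumed so far by a PID, read from
# /proc/<pid>/stat. Returns 1 if the PID is gone or /proc is unavailable.
cpu_ticks() {
  pid=$1
  stat=$(cat "/proc/$pid/stat" 2>/dev/null) || return 1
  # Keep everything after the last ") " so a comm containing spaces or
  # parentheses does not shift the remaining fields.
  rest=${stat##*) }
  # shellcheck disable=SC2086
  set -- $rest
  # Fields 14 (utime) and 15 (stime) of the full line are ${12} and ${13} here.
  echo $(( ${12} + ${13} ))
}

# Sample a PID twice and print its CPU usage in percent over the interval.
# Usage: cpu_percent <pid> [seconds]
cpu_percent() {
  pid=$1
  secs=${2:-2}
  hz=$(getconf CLK_TCK 2>/dev/null || echo 100)
  a=$(cpu_ticks "$pid") || return 1
  sleep "$secs"
  b=$(cpu_ticks "$pid") || return 1
  echo $(( (b - a) * 100 / (hz * secs) ))
}

# Classify a Suricata log as ready/busy/unknown from its most recent marker.
# The marker strings are assumptions about Suricata's log text; verify them
# against the version you run.
ready_state() {
  last=$(grep -E 'engine started|rule reload starting|rule reload complete' "$1" 2>/dev/null | tail -n 1)
  case $last in
    *"engine started"*|*"rule reload complete"*) echo ready ;;
    *"rule reload starting"*) echo busy ;;
    *) echo unknown ;;
  esac
}

# Constructed sample log (not real Suricata output) so the functions can be
# exercised without a running sensor. Prints the temp file's path.
demo_log() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
[1234] 1/1/2024 -- 10:00:00 - <Notice> - This is Suricata version 6.0.0 RELEASE running in SYSTEM mode
[1234] 1/1/2024 -- 10:00:05 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
[1234] 1/1/2024 -- 10:01:00 - <Notice> - rule reload starting
[1234] 1/1/2024 -- 10:01:09 - <Notice> - rule reload complete
EOF
  echo "$f"
}

# Usage: ./suricata_ready.sh <pid> [logfile]
# Prints CPU% over a 2 s window alongside the log-derived state, so a burst of
# CPU after "rule reload complete" can be told apart from a reload still running.
main() {
  pid=$1
  log=${2:-$SURICATA_LOG}
  echo "pid=$pid cpu%=$(cpu_percent "$pid" 2) log=$(ready_state "$log")"
}

if [ $# -gt 0 ]; then
  main "$@"
fi
```

Run it with the PID from `pgrep suricata` in a loop after applying settings; once `ready_state` reports ready and `cpu_percent` settles near its idle baseline for a few consecutive samples, the engine has finished what the UI asked of it. A busy process while the log already says ready is usually rule-matching on live traffic, which the CPU figure alone cannot distinguish from a still-running reload.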
#2
I'm referring to running pcap traffic through the device from a traffic server, and with the firewall *disabled* in order to focus on the IDS/IPS, not capturing or replaying traffic from within it.

For instance:

  • Promiscuous mode on any of the interfaces or the IDS?
  • Any special NIC settings
  • Any other tuning requirements

Thanks -