Intrusion Detection and Prevention / Suricata not working (any more)
« on: January 21, 2023, 05:49:16 pm »
Hello,
for a long time I had Suricata with IPS mode running successfully on WAN. Recently I did a check on my system and found out that no alerts were present any more. I removed all rules, installed opnsense.test.rules and did a check with eicar.com.txt (on http!, not https). Eicar was neither reported in IDS nor in IPS mode. I'm on OPNsense 22.7.11, everything up and running.
I have tried all kinds of combinations of settings in Suricata, including changing interfaces, Promiscuous mode, disabling and re-enabling Suricata, deleting and reinstalling the opnsense.test.rules, reboot, but no success.
I would appreciate some guidance on how to track down the problem. It seems that from the web interface of OPNsense alone I won't be successful. If one of you professionals would take me by the hand and support me, that would be great. Many thanks.