IDS/IPS always report duplicate blockings

Started by Helle, March 12, 2021, 01:01:33 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 12, 2021, 01:01:33 PM
Since some time ago my opnsense box is always giving two lines with identical info when someone is triggered by the IDS/IPS

I run IDS/IPS only on my lan interface and have 11 rule sets enabled..

Any hint is appreciated

/Helle
March 12, 2021, 05:00:07 PM #1
Hi
suricata not using drop.log file any more.
"drop" events go into eve.json file.
since opnsense suricata.yaml contains
Code Select

- drop:
           alerts: yes

it generates two string in log
drop event contains some additional debug info about blocked packet

but maybe it would be nice to add the ability to disable this option


March 14, 2021, 01:44:11 AM #2
Ok, thanks for the explanation.

It makes the log look bad but now I know it is not something that is wrong with my system.

/Helle
Print
Go Up Pages1
User actions