Topic: [SOLVED] So I enabled Suricata - what now? (Read 14804 times)
Patrick M. Hausen
Hero Member
Posts: 6853
Karma: 575
Re: [SOLVED] So I enabled Suricata - what now? « Reply #15 on: February 28, 2022, 12:10:30 pm »
I am successfully running it on the VLAN. IDS mode, only. I am just interested in the statistics, no IPS. Next: investigate the "pfELK" stack to get it all into Elastic.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
abulafia
Full Member
Posts: 156
Karma: 8
Re: [SOLVED] So I enabled Suricata - what now? « Reply #16 on: March 03, 2022, 12:52:39 pm »
In the meantime, you can also have Suricata log events as JSON and alert yourself per email through monit (monitoring the JSON file). There is documentation floating around. I could also dig up the config later tonight if needed.
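An added example, not part of the thread and not the monit configuration mentioned in the reply above: a Python filter over Suricata EVE JSON lines that selects the alert events a notification job would mail, skipping a partially written last line. The sample events, rule names, signature IDs and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample of EVE JSON output (one JSON object per line, not real traffic).
# The last line is cut off on purpose: Suricata may still be writing it when we read.
SAMPLE_EVE = """\
{"timestamp":"2022-03-03T12:00:01+0100","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"signature_id":1000001,"signature":"Constructed sample rule A","severity":1}}
{"timestamp":"2022-03-03T12:00:02+0100","event_type":"dns","src_ip":"192.0.2.11","dest_ip":"198.51.100.53"}
{"timestamp":"2022-03-03T12:00:03+0100","event_type":"alert","src_ip":"192.0.2.12","dest_ip":"198.51.100.5","alert":{"signature_id":1000002,"signature":"Constructed sample rule B","severity":3}}
{"timestamp":"2022-03-03T12:00:04+0100","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.6","alert":{"signature_id":1000001,"signature":"Constructed sample rule A","severity":1}}
{"timestamp":"2022-03-03T12:00:05+0100","event_type":"alert","src_ip":"192.0.2.1
"""


def iter_alerts(lines, max_severity=2):
    """Yield alert events whose severity is <= max_severity (1 is the most severe)."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line: ignore it, do not abort the run
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # dns, flow, stats and other record types are not alerts
        alert = event.get("alert")
        if not isinstance(alert, dict):
            continue
        severity = alert.get("severity")
        if isinstance(severity, int) and severity <= max_severity:
            yield event


def summarize(lines, max_severity=2):
    """Return [(signature_id, signature, count)], most frequent signature first."""
    counts, names = Counter(), {}
    for event in iter_alerts(lines, max_severity):
        sid = event["alert"].get("signature_id")
        counts[sid] += 1
        names[sid] = event["alert"].get("signature", "?")
    return [(sid, names[sid], n) for sid, n in counts.most_common()]


if __name__ == "__main__":
    # The text built here is what a notification job would put in the mail body.
    for sid, name, n in summarize(SAMPLE_EVE.splitlines()):
        print(f"{n:4d} x [{sid}] {name}")
```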