Topic: Suricata as flow logging engine (Read 5083 times)
bob@afrinet.eu
Newbie
Posts: 26
Karma: 1
Lively cybersec aficionado
Suricata as flow logging engine « on: July 11, 2018, 11:20:18 am »
I think it would be nice to be able to use the Suricata flow logging feature as described here:
https://blog.inliniac.net/2014/07/28/suricata-flow-logging/
For the time being there does not seem to be any option in the GUI to send flows to an external logger (besides local log files).
Is there any way to override the configuration of Suricata?
What are the compile-time options used?
The main idea would be to be able to use Suricata as a NetFlow / flow collector.
I know this is handled using NetFlow in OPNsense, but wouldn't the Suricata log collecting be more efficient?
Furthermore, Suricata has the ability to handle bi-directional flows, where NetFlow handles them only unidirectionally.
Thanks for your answer.
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Suricata as flow logging engine « Reply #1 on: July 11, 2018, 12:27:35 pm »
I'm not sure if your system will explode if you use Suricata for accounting purposes.
The flows are only logged for a rule match. So you need a rule to match everything ... ??
The files are already locally in /var/log/suricata/eve.json
But only for rule matches ...
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
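An added example, not code from either poster or from OPNsense, showing what a collector reading /var/log/suricata/eve.json would do with the flow records discussed in both posts: it keeps only event_type "flow" (dropping alerts, which are a separate event type), aggregates the bidirectional counters per 5-tuple, and splits one Suricata flow into the two one-way records a NetFlow-style collector would see. The eve.json lines are constructed samples; the field names are those of Suricata's eve flow output (src_ip, dest_ip, proto, flow.bytes_toserver, ...).

```python
import json
from collections import defaultdict

# Constructed sample eve.json lines (not captured from a real system):
# an alert, two flow records for the same 5-tuple, a UDP DNS flow, and junk.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"signature":"constructed test alert"}}
{"event_type":"flow","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":12,"pkts_toclient":10,"bytes_toserver":1500,"bytes_toclient":9000,"state":"closed","reason":"timeout"}}
{"event_type":"flow","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":3,"pkts_toclient":2,"bytes_toserver":300,"bytes_toclient":1000,"state":"closed","reason":"shutdown"}}
{"event_type":"flow","src_ip":"10.0.0.7","src_port":5353,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":1,"bytes_toserver":70,"bytes_toclient":130,"state":"established","reason":"timeout"}}
this line is not JSON and must be skipped
"""

COUNTERS = ("pkts_toserver", "pkts_toclient", "bytes_toserver", "bytes_toclient")

def iter_flow_records(lines):
    """Yield only event_type 'flow' records; skip alerts and unparseable lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "flow" and "flow" in rec:
            yield rec

def summarize_flows(text):
    """Aggregate bidirectional counters per 5-tuple (src, sport, dst, dport, proto)."""
    totals = defaultdict(lambda: dict.fromkeys(COUNTERS, 0))
    for rec in iter_flow_records(text.splitlines()):
        key = (rec["src_ip"], rec["src_port"], rec["dest_ip"], rec["dest_port"], rec["proto"])
        for c in COUNTERS:
            totals[key][c] += rec["flow"].get(c, 0)
    return dict(totals)

def to_unidirectional(key, t):
    """Split one bidirectional Suricata flow into the two one-way records a
    NetFlow-style collector would emit (client->server and server->client)."""
    src, sport, dst, dport, proto = key
    return [
        (src, sport, dst, dport, proto, t["pkts_toserver"], t["bytes_toserver"]),
        (dst, dport, src, sport, proto, t["pkts_toclient"], t["bytes_toclient"]),
    ]

if __name__ == "__main__":
    for key, t in summarize_flows(SAMPLE_EVE).items():
        print(key, t)
```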