Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
IDS/IPS always report duplicate blockings
« previous
next »
Print
Pages: [
1
]
Author
Topic: IDS/IPS always report duplicate blockings (Read 1668 times)
Helle
Newbie
Posts: 24
Karma: 1
IDS/IPS always report duplicate blockings
«
on:
March 12, 2021, 01:01:33 pm »
Since some time ago my opnsense box is always giving two lines with identical info when someone is triggered by the IDS/IPS
I run IDS/IPS only on my lan interface and have 11 rule sets enabled..
Any hint is appreciated
/Helle
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: IDS/IPS always report duplicate blockings
«
Reply #1 on:
March 12, 2021, 05:00:07 pm »
Hi
suricata not using drop.log file any more.
“drop” events go into eve.json file.
since opnsense suricata.yaml contains
Code:
[Select]
- drop:
alerts: yes
it generates two string in log
drop event contains some additional debug info about blocked packet
but maybe it would be nice to add the ability to disable this option
Logged
Helle
Newbie
Posts: 24
Karma: 1
Re: IDS/IPS always report duplicate blockings
«
Reply #2 on:
March 14, 2021, 01:44:11 am »
Ok, thanks for the explanation.
It makes the log look bad but now I know it is not something that is wrong with my system.
/Helle
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
IDS/IPS always report duplicate blockings