suricata initial setup/test

Started by wfx3, December 03, 2021, 02:04:37 AM

I need some help with the initial setup of Suricata 6.0.4 on OPNsense 21.7.6.

Quote from: pankaj on September 11, 2021, 07:54:25 PM
For those wanting to get started with IDS/IPS, this is an excellent tutorial - https://www.youtube.com/watch?v=_yIq3GM4gjA&t=6s

Is the YouTube tutorial from last year now outdated? I tried:

Interfaces > Settings > Network Interfaces
hardware acceleration x3 turned off

Services > Intrusion Detection > Administration > Settings
enabled
IPS mode off so IDS will alert only
Interfaces > LAN only because Firewall > NAT > Outbound is Automatic

Administration > Download
enabled and downloaded/updated the test ruleset OPNsense-App-detect/test

Administration > Rules
7999999   alert   opnsense.test.rules   bad-unknown   OPNsense test eicar virus

Administration > Schedule
enabled default daily update

2021-12-02T19:50:48 suricata[27873] [100250] <Notice> -- all 1 packet processing threads, 4 management threads initialized, engine started.
2021-12-02T19:50:48 suricata[26200] [100160] <Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode


$ curl http://pkg.opnsense.org/test/eicar.com.txt

But no luck getting the client download of eicar.com.txt to trigger an alert.

Administration > Alerts
No results found!

So I tried adding a policy, but still no luck.

Services > Intrusion Detection > Policy
enabled
priority: 0
rulesets: opnsense.test.rules
action: alert
rules classtype: nothing selected
new action: alert
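When the Alerts tab stays empty after the curl test, the quickest way to tell whether Suricata itself saw the EICAR download is to read its EVE JSON log directly and look for the test rule's SID (7999999, as listed in the Rules view above). The script below is an added example, not part of this post or of OPNsense; it assumes the default log path /var/log/suricata/eve.json (pass another path as the first argument), and the embedded sample lines are constructed, not real firewall output.

```python
import json
import sys

# SID of the OPNsense EICAR test rule, as shown in the Rules view of the post.
TEST_SID = 7999999

# Constructed sample of Suricata EVE JSON lines (not real firewall output):
# one plain HTTP event, one alert for the test rule, one alert for a made-up
# rule (SID 1000001), and one garbled line as seen on a log being written.
SAMPLE_EVE = """\
{"timestamp":"2021-12-02T19:52:10.123456-0800","event_type":"http","src_ip":"192.168.1.50","dest_ip":"203.0.113.10","http":{"hostname":"pkg.opnsense.org","url":"/test/eicar.com.txt"}}
{"timestamp":"2021-12-02T19:52:10.234567-0800","event_type":"alert","in_iface":"em1","src_ip":"203.0.113.10","src_port":80,"dest_ip":"192.168.1.50","dest_port":51234,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":7999999,"rev":1,"signature":"OPNsense test eicar virus","category":"bad-unknown","severity":2}}
{"timestamp":"2021-12-02T19:52:11.000000-0800","event_type":"alert","in_iface":"em1","src_ip":"198.51.100.7","dest_ip":"192.168.1.50","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"constructed example rule","category":"bad-unknown","severity":2}}
not json at all
"""


def iter_events(lines):
    """Yield parsed EVE events, skipping blank or non-JSON lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            # A partially written last line is normal on a live log; skip it.
            continue


def find_alerts(lines, sid=None):
    """Return alert events, optionally restricted to one signature_id."""
    hits = []
    for ev in iter_events(lines):
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        if sid is None or alert.get("signature_id") == sid:
            hits.append(ev)
    return hits


def summarize(ev):
    """Reduce an alert event to the fields worth reading when troubleshooting."""
    a = ev.get("alert", {})
    return {
        "timestamp": ev.get("timestamp"),
        "iface": ev.get("in_iface"),      # which sensor interface saw the flow
        "sid": a.get("signature_id"),
        "signature": a.get("signature"),
        "action": a.get("action"),        # "allowed" in IDS mode, "blocked" when IPS drops
        "flow": f'{ev.get("src_ip")}:{ev.get("src_port")} -> '
                f'{ev.get("dest_ip")}:{ev.get("dest_port")}',
    }


def main(argv):
    # Assumed default EVE log path on OPNsense; override with a path argument.
    path = argv[1] if len(argv) > 1 else "/var/log/suricata/eve.json"
    try:
        with open(path, encoding="utf-8") as fh:
            lines = list(fh)
    except OSError as exc:
        print(f"cannot read {path}: {exc}; using constructed sample", file=sys.stderr)
        lines = SAMPLE_EVE.splitlines()
    hits = find_alerts(lines, TEST_SID)
    if not hits:
        print(f"no alert with sid {TEST_SID} found in {len(lines)} lines")
        return 1
    for ev in hits:
        print(summarize(ev))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

If the SID shows up here but not in the GUI, the problem is on the display side; if it is absent here too, the packets never matched, which points back at the interface selection or the rule not being enabled rather than at the Alerts page.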


I've seen this video. The only thing I see is two dudes talking about IDS, but no tutorial whatsoever.
I hope someone will pop up with a tutorial.
DEC4240 – OPNsense Owner