[Howto] Download and analyze interesting Suricata logs?
Topic: [Howto] Download and analyze interesting Suricata logs? (Read 1467 times)
ccna_student (Newbie, Posts: 3, Karma: 1)
[Howto] Download and analyze interesting Suricata logs?
on: October 27, 2022, 07:02:39 am
Hello,
I have had IDS/Suricata running with all rules enabled for the last few months, with a couple of warnings about protocols, DNS etc., but nothing really suspicious. Last week I found a couple hundred log entries with UDP packets over NAT to a country I normally don't send packets to, with additional incoming TCP traffic from the same country but a different IP.
Question 1: How do I export the logs with payload in a usable format?
Question 2: Is there a tool which is able to analyze/fingerprint the stream of packets?
Have a nice day and thank you for reading!
ccna_student
Re: [Howto] Download and analyze interesting Suricata logs?
Reply #1 on: October 28, 2022, 08:03:20 am
I got the log files, and more importantly the JSON files, via scp and used a tool called BRIM to analyze them.
https://www.brimdata.io/
Have a great weekend!
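For readers who land here with the same two questions (getting the Suricata logs off the firewall, then making sense of a few hundred entries), the following is an added Python example; it is not the poster's code and not part of OPNsense, Suricata or Brim. The retrieval step is just `scp root@<firewall>:/var/log/suricata/eve.json .` (the default EVE log location on OPNsense). The script then does, offline, the first thing one would do in Brim: parse the one-JSON-object-per-line format, tolerate a truncated last line (normal when copying a file Suricata is still writing), decide per event whether it is inbound or outbound, collapse alerts onto (direction, src, dst, proto) with their ports, signature IDs and payload size, count remote peers across all event types including `flow`, and hexdump a decoded payload. Field names follow Suricata's EVE schema; `payload` is base64 and only present when payload logging is enabled for the eve-log alert output. The sample records are constructed, and the firewall WAN address 192.0.2.10 is an assumption (on a WAN-side IDS the post-NAT public address must count as "local" for direction purposes).

```python
"""Offline triage of a Suricata eve.json pulled from OPNsense.
Added example, not the poster's code. Field names follow Suricata's EVE JSON
schema; the records below are CONSTRUCTED, and the firewall WAN address
192.0.2.10 is an assumption used to tell inbound from outbound traffic."""
import base64
import ipaddress
import json
from collections import Counter

# RFC 1918 plus the (assumed) WAN address: on a WAN interface Suricata sees
# post-NAT traffic, so the public address has to count as "ours".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.10/32")]

def _alert(src, sport, dst, dport, proto, sid, payload: bytes) -> dict:
    """Minimal EVE alert record. Suricata writes 'payload' base64-encoded, and
    only when payload logging is enabled for the eve-log alert output."""
    return {"event_type": "alert", "src_ip": src, "src_port": sport, "dest_ip": dst,
            "dest_port": dport, "proto": proto,
            "alert": {"signature_id": sid, "rev": 1, "severity": 3,
                      "signature": f"CONSTRUCTED sample sid {sid}"},
            "payload": base64.b64encode(payload).decode("ascii")}

STUN_LIKE = b"\x00\x01\x00\x08\x21\x12\xa4\x42constructed"   # 19 constructed bytes
_RECORDS = [
    _alert("192.0.2.10", 51000, "203.0.113.7", 3478, "UDP", 2100001, STUN_LIKE),
    _alert("192.0.2.10", 51000, "203.0.113.7", 3478, "UDP", 2100001, STUN_LIKE),
    _alert("192.0.2.10", 51002, "203.0.113.7", 3479, "UDP", 2100002, b"\x00\x01\x00\x00sample-2"),
    _alert("198.51.100.9", 44321, "192.0.2.10", 443, "TCP", 2100003,
           b"GET /constructed HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    {"event_type": "flow", "src_ip": "192.0.2.10", "src_port": 51000, "dest_ip": "203.0.113.7",
     "dest_port": 3478, "proto": "UDP", "flow": {"pkts_toserver": 40, "pkts_toclient": 38}},
]
# eve.json is one JSON object per line; the final line is deliberately cut
# short, as happens when scp copies a file Suricata is still writing.
SAMPLE_EVE = "\n".join(json.dumps(r) for r in _RECORDS) + '\n{"event_type":"al\n'

def parse_eve(text: str):
    """Return (events, skipped_lines); malformed lines are counted, not fatal."""
    events, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return events, skipped

def direction(ev: dict, local_nets=LOCAL_NETS) -> str:
    """'outbound', 'inbound', 'internal' or 'transit' from src/dest addresses."""
    src_local, dst_local = (any(ipaddress.ip_address(ev[k]) in n for n in local_nets)
                            for k in ("src_ip", "dest_ip"))
    if src_local and not dst_local:
        return "outbound"
    if dst_local and not src_local:
        return "inbound"
    return "internal" if src_local else "transit"

def decode_payload(ev: dict):
    """Raw bytes of the alert payload, or None when it was not logged."""
    return base64.b64decode(ev["payload"]) if "payload" in ev else None

def summarize_alerts(events, local_nets=LOCAL_NETS) -> dict:
    """Collapse alerts onto (direction, src, dst, proto): count, ports, sids, payload size."""
    summary = {}
    for ev in (e for e in events if e.get("event_type") == "alert"):
        key = (direction(ev, local_nets), ev["src_ip"], ev["dest_ip"], ev["proto"])
        ent = summary.setdefault(key, {"count": 0, "dest_ports": set(),
                                       "signatures": set(), "payload_bytes": 0})
        ent["count"] += 1
        ent["dest_ports"].add(ev.get("dest_port"))
        ent["signatures"].add(ev["alert"]["signature_id"])
        ent["payload_bytes"] += len(decode_payload(ev) or b"")
    return summary

def remote_peers(events, local_nets=LOCAL_NETS) -> Counter:
    """Events per remote address, every event type included (alert, flow, dns, ...)."""
    peers = Counter()
    for ev in (e for e in events if "src_ip" in e and "dest_ip" in e):
        d = direction(ev, local_nets)
        if d in ("outbound", "inbound"):
            peers[(d, ev["dest_ip"] if d == "outbound" else ev["src_ip"])] += 1
    return peers

def hexdump(data: bytes, width: int = 16) -> str:
    """Offset / hex / ASCII view for eyeballing a decoded payload."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(rows)

if __name__ == "__main__":
    events, bad = parse_eve(SAMPLE_EVE)   # swap in open("eve.json").read() for real data
    print(f"{len(events)} events parsed, {bad} line(s) skipped")
    for (d, ip), n in remote_peers(events).most_common():
        print(f"{d:>8} {ip:<15} {n} events")
    for key, ent in summarize_alerts(events).items():
        print(key, ent["count"], sorted(ent["dest_ports"]), sorted(ent["signatures"]))
    print(hexdump(decode_payload(events[3])))
```

Two caveats when running this against a real eve.json: alerts are only a subset of what Suricata records, so the `flow` (and `dns`, `tls`, `http`) events usually tell more about "who talked to whom" than the alerts do, which is why `remote_peers` deliberately counts every event type; and the direction logic is only as good as the `LOCAL_NETS` list, so on a WAN-side sensor the firewall's own public address must be in it.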