Need help with 18.1.4 Suricata changes

Started by SecAficionado, March 13, 2018, 12:59:53 AM

March 13, 2018, 12:59:53 AM Last Edit: March 13, 2018, 02:44:33 AM by SecAficionado
Hi,

After the 18.1.4 update, Suricata complains about syslogd. The log tab under IPS has never shown any entries other than "/var/log/suricata.log yielded no results". However, now I am getting an error in red letters!

In the release notes there is an item:
* intrusion detection: proper syslog with drops, requires log file reset

Are the two items related? Any directions on how to help Suricata use /var/log/suricata.log and how to reset the log file are welcome.

Thanks!

What's your red letter alert if you don't mind sharing?

Yes, reset IDS log file and enable Syslog mode in IDS settings.


Cheers,
Franco