English Forums > Intrusion Detection and Prevention
Intrusion detection no showing alerts
cancino:
Hi all
I activate Intrusion Detection, but I do not see alerts.
OPNsense 19.1.7-amd64
suricata 4.1.4
my config:
Enabled [X]
IPS mode [ ]
Promiscuous mode [X]
Pattern matcher Hyperscan
Interfaces [WAN]
the only thing I see in the log is this warning:
OPNsense meerkat: [101053] <Warning> - [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE (317)] - in 5.0 the default for decoder event stats will go from 'decoder. <Proto>. <Event>' to 'decoder.event. <Proto >. <event> '. See ticket # 2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
Can you help me please?
hbc:
Do you have any rulesets enabled and downloaded? Did you trigger something that should generate an alert?
cancino:
Yes, I downloaded all the rules and enabled them
hbc:
And did you generate traffic that should match rules and create alerts?
No alerts can just mean that no suspicious traffic is present, what would be great.
cancino:
I will put it in a test network to validate the installation.
Thank you very much for the help
Navigation
[0] Message Index
[#] Next page
Go to full version