Intrusion detection not showing alerts

cancino:
Hi all
I activated Intrusion Detection, but I do not see alerts.

OPNsense 19.1.7-amd64
suricata 4.1.4

my config:
 Enabled [X]
 IPS mode  [ ]
 Promiscuous mode [X]

 Pattern matcher  Hyperscan

 Interfaces  [WAN]


the only thing I see in the log is this warning:

OPNsense meerkat: [101053] <Warning> - [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<Proto>.<Event>' to 'decoder.event.<Proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.

Can you help me please?

hbc:
Do you have any rulesets enabled and downloaded? Did you trigger something that should generate an alert?

cancino:
Yes, I downloaded all the rules and enabled them

hbc:
And did you generate traffic that should match rules and create alerts?
No alerts can just mean that no suspicious traffic is present, which would be great.

cancino:
I will put it in a test network to validate the installation.
Thank you very much for the help
