Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Monitor localhost?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Monitor localhost? (Read 1869 times)
unipacket
Newbie
Posts: 34
Karma: 1
Monitor localhost?
«
on:
August 05, 2019, 02:34:27 pm »
Hello
While testing Suricata, I noticed it does not seem to monitor traffic destined for the firewall itself. What I did to find this was enabled the ET_DNS rules and attempted to resolve a .tk domain using nslookup. When using an external DNS server (such as Google), I receive alerts in Suricata. But when I use OPNsense itself as the DNS server, and attempt to resolve the same domain, I receive no such alerts. Is this normal? Is it possible to configure Suricata to monitor the firewall itself for certain alerts (not just DNS)?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Monitor localhost?
