Monitor localhost?

Started by unipacket, August 05, 2019, 02:34:27 PM

Hello  :)

While testing Suricata, I noticed it does not seem to monitor traffic destined for the firewall itself.  What I did to find this was enable the ET_DNS rules and attempt to resolve a .tk domain using nslookup.  When using an external DNS server (such as Google), I receive alerts in Suricata.  But when I use OPNsense itself as the DNS server, and attempt to resolve the same domain, I receive no such alerts.  Is this normal?  Is it possible to configure Suricata to monitor the firewall itself for certain alerts (not just DNS)?