Help me understand suricata

Started by nwabytes, February 19, 2020, 07:00:45 PM

February 19, 2020, 07:00:45 PM Last Edit: February 20, 2020, 02:05:21 AM by nwabytes
I'm coming from pfSense; I really like everything I see with OPNsense. I have one issue, and it's Suricata.
I've tried bare metal and virtualization, and I can't seem to get it working.
I'm used to seeing alerts and blocks. With OPNsense there is never anything in alerts. I've read over the forums and disabled the Snort rules. Here are my logs as of now.

2020-02-19T11:42:52 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:40:15 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:40:15 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:37:27 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:37:27 suricata[4136]: [100381] <Notice> -- rule reload complete
2020-02-19T11:34:53 suricata[4136]: [100381] <Notice> -- rule reload starting
2020-02-19T11:33:15 suricata[4136]: [100381] <Notice> -- all 4 packet processing threads, 4 management threads initialized, engine started.
2020-02-19T11:31:35 suricata: [100381] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-02-19T11:31:35 suricata: [100174] <Notice> -- This is Suricata version 4.1.6 RELEASE
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0+': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- Signal Received. Stopping engine.
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2020-02-19T11:30:23 suricata: [100462] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-02-19T11:30:23 suricata: [100107] <Notice> -- This is Suricata version 4.1.6 RELEASE
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1+': pkts: 1611, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1': pkts: 2052, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Signal Received. Stopping engine.
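An added triage helper, not code from the thread or from OPNsense: it parses the shutdown "Stats for" lines of the kind posted above and reports engine runs in which no capture interface saw a single packet. The sample log is copied from the post; only the function and variable names are assumptions.

```python
import re
from collections import defaultdict

# Sample lines copied from the log posted above (newest first, as the OPNsense UI shows them).
SAMPLE_LOG = """\
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0+': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:35 suricata[29109]: [100462] <Notice> -- Stats for 'vtnet0': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2020-02-19T11:31:34 suricata[29109]: [100462] <Notice> -- Signal Received. Stopping engine.
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1+': pkts: 1611, drop: 0 (0.00%), invalid chksum: 0
2020-02-19T11:30:22 suricata[83230]: [100462] <Notice> -- Stats for 'vtnet1': pkts: 2052, drop: 0 (0.00%), invalid chksum: 0
"""

# Shape of a shutdown Stats line: timestamp, process id, interface, packet/drop/checksum counters.
STATS_RE = re.compile(
    r"^(?P<ts>\S+) suricata\[(?P<pid>\d+)\]: \[\d+\] <Notice> -- "
    r"Stats for '(?P<iface>[^']+)': pkts: (?P<pkts>\d+), drop: (?P<drop>\d+) "
    r"\((?P<drop_pct>[^)]+)\), invalid chksum: (?P<chksum>\d+)$"
)


def parse_stats(log_text):
    """Return {pid: {iface: {'pkts': n, 'drop': n, 'chksum': n}}}; non-Stats lines are skipped."""
    runs = defaultdict(dict)
    for line in log_text.splitlines():
        m = STATS_RE.match(line)
        if not m:
            continue
        runs[m["pid"]][m["iface"]] = {
            "pkts": int(m["pkts"]),
            "drop": int(m["drop"]),
            "chksum": int(m["chksum"]),
        }
    return dict(runs)


def silent_runs(log_text):
    """PIDs of engine runs in which no configured interface saw any packets.
    Such a run cannot produce alerts or blocks whatever rules are enabled,
    so the interface selection, not the ruleset, is the first thing to check."""
    return sorted(
        pid for pid, ifaces in parse_stats(log_text).items()
        if ifaces and all(s["pkts"] == 0 for s in ifaces.values())
    )


if __name__ == "__main__":
    for pid, ifaces in parse_stats(SAMPLE_LOG).items():
        print(pid, {i: s["pkts"] for i, s in ifaces.items()})
    print("runs with no traffic:", silent_runs(SAMPLE_LOG))
```

On the posted log, the run with PID 83230 on vtnet1 counted packets while the later run with PID 29109 on vtnet0 counted none, which is the kind of difference worth checking before touching rulesets.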