Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata not working ? How to check ?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata not working ? How to check ? (Read 3361 times)
actionhenkt
Jr. Member
Posts: 50
Karma: 2
Suricata not working ? How to check ?
«
on:
September 20, 2020, 10:32:12 am »
Hi, I seem to have some issues with suricata. Currently im on the latest opnsense with netmap kernel also have sensei installed on it.
Suricata seems to generate alerts, I see some scan attempts on my open ports on the WAN side, but I also have a few rules enabled where I would expect suricata to alert and block the connection. In the emerging-info rules there is a rule enabled for a visit to
http://www.whatismyip.com
. Visiting this website should be blocked and alerted by suricata but there is no alert .. Regarding this, I only have suricata enabled on my WAN interface ... since I also have sensei enabled, if I also enabled suricata on my LAN the suricata service seems to crash.
How/where/what log can I check to see if suricata is doing anything ?
Thanks!
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Suricata not working ? How to check ?
«
Reply #1 on:
September 20, 2020, 11:27:10 am »
You cant run Sensei and Suri on the same nic
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
actionhenkt
Jr. Member
Posts: 50
Karma: 2
Re: Suricata not working ? How to check ?
«
Reply #2 on:
September 21, 2020, 07:55:53 pm »
same nic you mean WAN / LAN or physical nic (i have 2 lan ports on my nic? Sensei is running on LAN+vlans and suricata is running on WAN
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata not working ? How to check ?
