Suricata not working? How to check?

Started by actionhenkt, September 20, 2020, 10:32:12 AM

Hi, I seem to have some issues with Suricata. Currently I'm on the latest OPNsense with the netmap kernel and also have Sensei installed on it.

Suricata seems to generate alerts; I see some scan attempts on my open ports on the WAN side, but I also have a few rules enabled where I would expect Suricata to alert and block the connection. In the emerging-info rules there is a rule enabled for a visit to http://www.whatismyip.com. Visiting this website should be blocked and alerted by Suricata, but there is no alert. Regarding this, I only have Suricata enabled on my WAN interface; since I also have Sensei enabled, if I also enable Suricata on my LAN, the Suricata service seems to crash.

How/where/what log can I check to see if Suricata is doing anything?
Thanks!
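One way to answer the "is Suricata doing anything?" question is to read its EVE JSON log rather than the GUI. The script below is an added example, not code from the original post or from OPNsense/Suricata: it parses EVE lines, keeps only `event_type: "alert"` records, and counts them per signature ID and per action (`allowed` vs `blocked`), optionally filtered by a substring of the signature name. The sample lines are constructed, and the log path (commonly `/var/log/suricata/eve.json` on OPNsense) is an assumption to be confirmed on the box.

```python
import json
from collections import Counter

# Constructed sample lines in Suricata's EVE JSON format (not taken from the
# original post). On a real system pass the path to eve.json on the command line;
# /var/log/suricata/eve.json is the usual OPNsense location but is an assumption here.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2020-09-20T10:32:12.000000+0200","event_type":"alert","src_ip":"192.0.2.10",'
    '"dest_ip":"198.51.100.5","proto":"TCP","alert":{"action":"allowed","signature_id":1000001,'
    '"signature":"CONSTRUCTED example alert A"}}',
    '{"timestamp":"2020-09-20T10:33:00.000000+0200","event_type":"flow","src_ip":"192.0.2.10",'
    '"dest_ip":"198.51.100.5","proto":"TCP"}',
    '{"timestamp":"2020-09-20T10:34:00.000000+0200","event_type":"alert","src_ip":"203.0.113.7",'
    '"dest_ip":"192.0.2.1","proto":"TCP","alert":{"action":"blocked","signature_id":1000002,'
    '"signature":"CONSTRUCTED example alert B"}}',
    '{"timestamp":"2020-09-20T10:35:00.000000+0200","event_type":"alert","src_ip":"192.0.2.10",'
    '"dest_ip":"198.51.100.5","proto":"TCP","alert":{"action":"allowed","signature_id":1000001,'
    '"signature":"CONSTRUCTED example alert A"}}',
    'not json at all',  # malformed line, should be skipped rather than abort the run
]


def parse_eve(lines):
    """Yield only alert events from an iterable of EVE JSON lines.

    Non-alert records (flow, dns, http, ...) and unparsable lines are skipped.
    """
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert":
            yield event


def summarize_alerts(lines, signature_filter=None):
    """Return {(signature_id, signature, action): count} for the alerts in `lines`.

    `signature_filter` is a case-insensitive substring applied to the rule name,
    so one can quickly see whether a specific rule has ever fired and whether
    the firewall reported it as 'allowed' (IDS mode) or 'blocked' (IPS drop).
    """
    counts = Counter()
    for event in parse_eve(lines):
        alert = event.get("alert", {})
        sig = alert.get("signature", "")
        if signature_filter and signature_filter.lower() not in sig.lower():
            continue
        counts[(alert.get("signature_id"), sig, alert.get("action"))] += 1
    return dict(counts)


def summarize_file(path, signature_filter=None):
    """Same as summarize_alerts, reading from a log file on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return summarize_alerts(fh, signature_filter)


if __name__ == "__main__":
    import sys

    path = sys.argv[1] if len(sys.argv) > 1 else None
    needle = sys.argv[2] if len(sys.argv) > 2 else None
    result = summarize_file(path, needle) if path else summarize_alerts(SAMPLE_EVE_LINES, needle)
    for (sid, sig, action), n in sorted(result.items(), key=lambda kv: -kv[1]):
        print(f"{n:5d}  sid={sid}  action={action}  {sig}")
```

Run it with no arguments to see the constructed sample summarized, or as `python3 eve_summary.py /var/log/suricata/eve.json whatismyip` to check one rule. An entry whose action is `allowed` means the rule matched but Suricata did not drop the traffic; no entry at all means the rule never matched on the interface Suricata is bound to, which is a different problem from an alert that is not being enforced.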


Same NIC, you mean WAN/LAN or physical NIC (I have 2 LAN ports on my NIC)? Sensei is running on LAN+VLANs and Suricata is running on WAN.