[SOLVED] So I enabled Suricata - what now?

Started by Patrick M. Hausen, November 29, 2021, 10:01:47 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
February 28, 2022, 12:10:30 PM #15
I am successfully running it on the VLAN. IDS mode, only. I am just interested in the statistics, no IPS. Next: investigate the "pfELK" stack to get it all into Elastic.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 03, 2022, 12:52:39 PM #16
In the meantime, you can also have suricataog events as JSON and alert yourself per email through monit (monitoring the JSON file). There is documentation floating around. I could also dig up the config later tonight if needed.
Print
Go Up Pages 1 2
User actions