IDS no alterts

Started by dotsch, June 01, 2025, 01:34:16 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 01, 2025, 01:34:16 PM
Comming from pfSense, I have troubles to get the IDS got working.

I have not get any alerts on the WAN, some few on the LAN. Tried several different pattern matcher, promisc / non promisc, policies and rule enablements, but there are no or only a few alters in the log.

Also the EICAR test was not successful. No alert nor blocking.

 
June 05, 2025, 03:52:20 PM #1
I also have never seen any alerts no matter how I configure the system, Suricata alone on a test install or with other plugins.

Does anyone using IDS/IPS actually have it working properly showing alerts? Does anyone actually use IDS/IPS on OPNsense?

I wound up installing an IPFire system on the edge before the OPNsense system and Suricata is working just fine on that system.
Print
Go Up Pages1
User actions