Topic: Need help with 18.1.4 Suricata changes

SecAficionado

Need help with 18.1.4 Suricata changes
« on: March 13, 2018, 12:59:53 am »
Hi,

After the 18.1.4 update, suricata complains about syslogd. The log tab under IPS has never shown any entries other than "/var/log/suricata.log yielded no results". However, now I am getting an error with red letters!

In the release notes there is an item:
* intrusion detection: proper syslog with drops, requires log file reset

Are the two items related? Any directions on how to help suricata use /var/log/suricata.log and how to reset the log file are welcome.

Thanks!
« Last Edit: March 13, 2018, 02:44:33 am by SecAficionado »

franco

Re: Need help with 18.1.4 Suricata changes
« Reply #1 on: March 14, 2018, 06:31:13 pm »
What's your red letter alert if you don't mind sharing?

Yes, reset IDS log file and enable Syslog mode in IDS settings.


Cheers,
Franco