Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata logs

    Scheduled Pinned Locked Moved
    IDS/IPS
    2
    2
    170
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Danil 0
      last edited by Danil 0

      Is it possible to disable repeatedly logs from suricata to main log?

      For example, i have only one line on suricata log.
      Suri_block.png Hi,

      If attacker repeated attempt, i have more line on main firewall log
      Sys_log.png

      Also i have disable Log to System Log.

      Thanks for help.

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @Danil 0
        last edited by bmeeks

        @Danil-0 said in Suricata logs:

        Is it possible to disable repeatedly logs from suricata to main log?

        For example, i have only one line on suricata log.
        Suri_block.png Hi,

        If attacker repeated attempt, i have more line on main firewall log
        Sys_log.png

        Also i have disable Log to System Log.

        Thanks for help.

        Suricata does not put those entries in the System Log that you marked. Those are from the pf firewall engine itself. It's logging traffic hitting the built-in rule that exists for the snort2c pf table that is used to implement Suricata blocking (and Snort, if that package is installed). Suricata does not, and cannot, log to the firewall log tab. It can only log to the system tab.

        Suricata "blocks" by adding IP addresses to a pre-existing pf firewall engine table. pfSense creates a built-in rule automatically each time it builds the firewall rules that blocks IP addresses added to the snort2c table.

        You should not see these logged entries if you enable the option to "do not log default rules" in the Settings tab of the System Logs tab of pfSense.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post