4. Suricata doesn't work the rules

Suricata doesn't work the rules

  • H

    I have Suricata configured with two interfaces, one with ens32 and another with ens160 (in this one I use it for the port mirror so it takes all the info that passes through the switch). I have also changed the interface that is in meerkat.yaml.
    With tcpdump - i ens160 it picks up all the info correctly. The problem is that I ping the meerkat and the ICMP alert doesn't go off, so the rules don't work.
    Could someone help me? It's quite urgent... Please

    0

  • This does not sound like you are using the Suricata package on pfSense. What is "meerkat.yaml" and where did that file come from? That is not something that is part of the pfSense package.

    This entire forum is for Suricata on the pfSense firewall distro only. It is not a generic Suricata forum. This forum is only for the GUI wrapper for Suricata available on pfSense. If you are running Suricata on some other platform such as Linux, Ubuntu, etc., then you can try posting your issues here: https://redmine.openinfosecfoundation.org/projects/suricata.

    0
  • H

    Ok. Thanks man ;)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy