Suricata doesn't work the rules
  • I have Suricata configured with two interfaces, one on ens32 and another on ens160 (I use this one for the port mirror so it takes all the info that passes through the switch). I have also changed the interface that is in meerkat.yaml.
    With `tcpdump -i ens160` it picks up all the info correctly. The problem is that I ping the meerkat and the ICMP alert doesn't go off, so the rules don't work.
    Could someone help me? It's quite urgent... Please
  • This does not sound like you are using the Suricata package on pfSense. What is "meerkat.yaml" and where did that file come from? That is not something that is part of the pfSense package.

    This entire forum is for Suricata on the pfSense firewall distro only. It is not a generic Suricata forum. This forum is only for the GUI wrapper for Suricata available on pfSense. If you are running Suricata on some other platform such as Linux, Ubuntu, etc., then you can try posting your issues here: https://redmine.openinfosecfoundation.org/projects/suricata.
  • Ok. Thanks man ;)