Netgate Discussion Forum

    Suricata doesn't work the rules

    IDS/IPS
    3 Posts 2 Posters 422 Views
    • huvertoon

      I have Suricata configured with two interfaces, one with ens32 and another with ens160 (I use this one for the port mirror, so it takes all the info that passes through the switch). I have also changed the interface that is in meerkat.yaml.
      With `tcpdump -i ens160` it picks up all the info correctly. The problem is that I ping the meerkat and the ICMP alert doesn't go off, so the rules don't work.
      Could someone help me? It's quite urgent... Please

      • bmeeks

        This does not sound like you are using the Suricata package on pfSense. What is "meerkat.yaml" and where did that file come from? That is not something that is part of the pfSense package.

        This entire forum is for Suricata on the pfSense firewall distro only. It is not a generic Suricata forum. This forum is only for the GUI wrapper for Suricata available on pfSense. If you are running Suricata on some other platform such as Linux, Ubuntu, etc., then you can try posting your issues here: https://redmine.openinfosecfoundation.org/projects/suricata.

        • huvertoon

          Ok. Thanks man ;)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.