Netgate Discussion Forum

    No alerting happening in Suricata for dropped Rules

      michmoor LAYER 8 Rebel Alliance

      Ran into an issue this morning with Suricata Alerting.

      Background: I have emerging-tor.rules set up in SID MGMT to Drop all rules in this category. I did confirm that all the rules are set to Drop.
      To test, I opened my Tor browser and, as expected, it could not set up a connection. I also noticed that an alert was not generated in the Suricata Alerts tab.
      As a test, I removed the emerging-tor.rules category from the Drop list I created, and sure enough the Tor browser works without issue, so that lets me know that the IPS is doing its job of preventing the connection from establishing.
      The alerting is important, as there is email alerting along with these Drop rules so I can investigate these alerts.

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

        bmeeks

        See my reply in this thread (to a similar post of yours): https://forum.netgate.com/topic/183539/suricata-alerts-logs-view-broken-due-to-advanced-configuration-pass-through/6.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.