Netgate Discussion Forum

    Suricata 1.4.6 pkg v1.0.1 no alerts, no blocking

      simby

      Hi!

      I have installed Suricata 1.4.6 pkg v1.0.1 with Snort. Snort is disabled, Suricata is on with AC + blocking.

      In the log I don't see any alerts, no blocking.

      I have tested with grc.com  :((

      I have pfSense 2.1.3 x64

        BBcan177 Moderator

        Did you restart the Suricata interfaces after you turned blocking mode on?

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          bmeeks

          @simby:

          Hi!

          I have installed Suricata 1.4.6 pkg v1.0.1 with Snort. Snort is disabled, Suricata is on with AC + blocking.

          In the log I don't see any alerts, no blocking.

          I have tested with grc.com  :((

          I have pfSense 2.1.3 x64

          Not a good idea at all to run these two packages together on the same firewall. I would remove the Snort package if you want to use Suricata. Also, did you select some rules for Suricata to enforce? You did not mention that in your post. Oh, and one other point: Suricata really works best only with the Emerging Threats rules. There are many of the Snort rules that have Snort-specific keywords in them, and these rules will fail to compile on Suricata. Suricata will start, but it will not use any rules that fail to compile. This is different from Snort. If Snort chokes on any rule during compilation, it will not start up. Go to the Logs Browser tab and examine the suricata.log file for the interface and look for any errors.

          Bill
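
The log check described in the reply above, as an added example that is not part of the original posts: it groups rule-compile failures in a suricata.log by rules file and flags the case where no rules were loaded at all. The log line layout, the message wording, the file paths and the sample rules are assumptions constructed for illustration and may differ between Suricata versions.

```python
import re
from collections import Counter

# Constructed sample lines (assumed layout "<date> -- <time> - <Level> - <message>");
# paths, rules and SIDs are made up for this example, not taken from the thread.
SAMPLE_LOG = '''\
1/6/2014 -- 10:15:02 - <Info> - constructed informational line
1/6/2014 -- 10:15:03 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"CONSTRUCTED A"; sd_pattern:2,credit_card; sid:1000001; rev:1;)" from file /constructed/snort_a.rules at line 12
1/6/2014 -- 10:15:03 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"CONSTRUCTED B"; sd_pattern:2,us_social; sid:1000002; rev:1;)" from file /constructed/snort_a.rules at line 13
1/6/2014 -- 10:15:03 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"CONSTRUCTED C"; sd_pattern:2,email; sid:1000003; rev:1;)" from file /constructed/snort_b.rules at line 7
1/6/2014 -- 10:15:04 - <Info> - 2 rule files processed. 40 rules successfully loaded, 3 rules failed
'''

LINE_RE = re.compile(r'^\S+ -- \S+ - <(?P<level>\w+)> - (?P<msg>.*)$')
# Greedy match on the signature: rules contain their own double quotes (msg:"...").
SIG_RE = re.compile(r'error parsing signature "(?P<sig>.*)" from file (?P<file>\S+) at line (?P<line>\d+)')
SUMMARY_RE = re.compile(r'(?P<files>\d+) rule files processed\. '
                        r'(?P<ok>\d+) rules successfully loaded, (?P<failed>\d+) rules failed')
SID_RE = re.compile(r'\bsid:\s*(\d+)')


def audit_rule_load(log_text):
    """Summarize which rules Suricata skipped at startup and how many it loaded."""
    failed_by_file, failed_sids, summary = Counter(), [], None
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # not a log line in the assumed layout
        sig = SIG_RE.search(line.group('msg'))
        if sig:
            failed_by_file[sig.group('file')] += 1
            sid = SID_RE.search(sig.group('sig'))
            failed_sids.append(int(sid.group(1)) if sid else None)
            continue
        totals = SUMMARY_RE.search(line.group('msg'))
        if totals:  # keep the last summary seen, i.e. the most recent start
            summary = {k: int(v) for k, v in totals.groupdict().items()}
    return {'failed_by_file': dict(failed_by_file),
            'failed_sids': failed_sids, 'summary': summary}


def no_rules_enforced(report):
    """True when the log shows no loaded rules: no alerts can fire, so nothing is blocked."""
    return report['summary'] is None or report['summary']['ok'] == 0


if __name__ == '__main__':
    report = audit_rule_load(SAMPLE_LOG)
    print(report, 'no rules enforced:', no_rules_enforced(report))
```

To run it on a real log, pass the text of the interface's suricata.log to `audit_rule_load` in place of `SAMPLE_LOG`.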

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.