3. Suricata 1.4.6 pkg v1.0.1 no alerts, no blocking

Suricata 1.4.6 pkg v1.0.1 no alerts, no blocking

  • S

    Hi!

    i have install Suricata 1.4.6 pkg v1.0.1 with snort. Snort is disabled, suricata is On with AC + blocking.

    In log i don see any alerts, no blocking.

    I have tested with grc.com  :((

    I have pfsense 2.1.3 x64

    0
  • Moderator

    Did you restart the Suricata interfaces after you turned blocking mode on?

    0

  • @simby:

    Hi!

    i have install Suricata 1.4.6 pkg v1.0.1 with snort. Snort is disabled, suricata is On with AC + blocking.

    In log i don see any alerts, no blocking.

    I have tested with grc.com  :((

    I have pfsense 2.1.3 x64

    Not a good idea at all to run these two packages together on the same firewall.  I would remove the Snort package if you want to use Suricata.  Also, did you select some rules for Suricata to enforce?  You did not mention that in your post.  Oh, and one other point– Suricata really works best only with the Emerging Threats rules.  There are many of the Snort rules that have Snort-specific keywords in them, and these rules will fail to compile on Suricata.  Suricata will start, but it will not use any rules that fail to compile.  This is different from Snort.  If Snort chokes on any rule during compilation, it will not start up.  Go to the Logs Browser tab and examine the suricata.log file for the interface and look for any errors.

    Bill

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy