Suricata 1.4.6 pkg v1.0.1 no alerts, no blocking



  • Hi!

    I have installed Suricata 1.4.6 pkg v1.0.1 with Snort. Snort is disabled, Suricata is on with AC + blocking.

    In the log I don't see any alerts, no blocking.

    I have tested with grc.com  :((

    I have pfSense 2.1.3 x64


  • Moderator

    Did you restart the Suricata interfaces after you turned blocking mode on?



  • @simby:

    Hi!

    I have installed Suricata 1.4.6 pkg v1.0.1 with Snort. Snort is disabled, Suricata is on with AC + blocking.

    In the log I don't see any alerts, no blocking.

    I have tested with grc.com  :((

    I have pfSense 2.1.3 x64

    Not a good idea at all to run these two packages together on the same firewall.  I would remove the Snort package if you want to use Suricata.  Also, did you select some rules for Suricata to enforce?  You did not mention that in your post.  Oh, and one other point: Suricata really works best only with the Emerging Threats rules.  There are many of the Snort rules that have Snort-specific keywords in them, and these rules will fail to compile on Suricata.  Suricata will start, but it will not use any rules that fail to compile.  This is different from Snort.  If Snort chokes on any rule during compilation, it will not start up.  Go to the Logs Browser tab and examine the suricata.log file for the interface and look for any errors.

    Bill
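
    The suricata.log check described in the reply above, as an added example that is not part of the original thread: it tallies rule-compilation errors and reads the rule-load summary to tell "no rules selected" apart from "rules silently skipped". The log line format, the sample lines, the keyword `snort_only_kw` and the rule file path are constructed assumptions; compare them with your own suricata.log.

```python
import re
from collections import Counter

# Constructed sample; the line format is an assumption, not output from the thread.
SAMPLE_LOG = '''\
1/6/2014 -- 10:01:12 - <Info> - This is Suricata version 1.4.6 RELEASE
1/6/2014 -- 10:01:14 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'snort_only_kw'.
1/6/2014 -- 10:01:14 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"constructed"; snort_only_kw:1; sid:1000001;)" from file /path/to/example.rules at line 42
1/6/2014 -- 10:01:14 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'snort_only_kw'.
1/6/2014 -- 10:01:14 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"constructed"; snort_only_kw:2; sid:1000002;)" from file /path/to/example.rules at line 57
1/6/2014 -- 10:01:15 - <Info> - 1 rule files processed. 120 rules successfully loaded, 2 rules failed
'''

ERR_RE = re.compile(r"<Error> - \[ERRCODE: (\w+)\(\d+\)\] - (.*)")
KEYWORD_RE = re.compile(r"unknown rule keyword '([^']+)'")
SUMMARY_RE = re.compile(r"(\d+) rules successfully loaded, (\d+) rules failed")

def audit(log_text):
    """Count error codes and unsupported keywords, and read the load summary."""
    codes, keywords = Counter(), Counter()
    loaded = failed = None
    for line in log_text.splitlines():
        err = ERR_RE.search(line)
        if err:
            codes[err.group(1)] += 1
            kw = KEYWORD_RE.search(err.group(2))
            if kw:
                keywords[kw.group(1)] += 1
        summary = SUMMARY_RE.search(line)
        if summary:  # keep the last summary seen (most recent start)
            loaded, failed = int(summary.group(1)), int(summary.group(2))
    return {"loaded": loaded, "failed": failed, "codes": codes, "keywords": keywords}

def verdict(report):
    """Turn the report into the first thing to check on the firewall."""
    if report["loaded"] is None:
        return "no rule summary found: check that the interface was restarted"
    if report["loaded"] == 0:
        return "no rules loaded: nothing can alert or block until rules are selected"
    if report["failed"]:
        total = report["loaded"] + report["failed"]
        return f"{report['failed']} of {total} rules were skipped; review the error lines"
    return "all selected rules loaded"

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print(verdict(result))
    print(dict(result["codes"]), dict(result["keywords"]))
```
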