Suricata Packet Log Location
-
I turned on packet logging for an interface to test with, but I can't find where to actually access those logs.
I kept getting the "Suspicious User Agent" alert, so I wanted to look at the packets to see what it's actually flagging.
-
I get a ton of them, mostly false positives for me, but look here: /var/log/suricata/suricata_'interface id'
-
Based on the port being used and the machine it's coming from, I'm fairly certain I know what's triggering it,
and if I'm reading the rule right: http://doc.emergingthreats.net/bin/view/Main/2001891
That's being triggered by "3a" or " agent" being in the user agent?
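As an added example (not code from this thread or from the Suricata package), here is a small Python reader for a libpcap-format packet log that pulls the User-Agent header out of every HTTP request, so the values that trip the rule can be tallied per source host and destination port before deciding whether the alert is a false positive worth suppressing. It assumes the packet log is a standard microsecond-resolution libpcap file with Ethernet framing; the sample capture it parses is constructed inline.

```python
import struct
from collections import Counter

def build_sample_pcap(user_agents):
    """Construct a tiny libpcap file (Ethernet/IPv4/TCP) with one HTTP request per UA. Test data, not a real capture."""
    records = []
    for ua in user_agents:
        payload = f"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: {ua}\r\n\r\n".encode()
        # TCP: sport, dport 80, seq, ack, data offset 5 words, flags PSH|ACK, window, checksum, urgent
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
        # IPv4: version/IHL, TOS, total length, id, flags/frag, TTL, proto 6 (TCP), checksum, src, dst
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                         64, 6, 0, bytes([10, 0, 0, 5]), bytes([203, 0, 113, 7]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload  # Ethernet II, EtherType IPv4
        records.append(struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return header + b"".join(records)

def extract_user_agents(pcap_bytes):
    """Count (src_ip, dst_port, user_agent) over every packet whose TCP payload carries a User-Agent header."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected a microsecond libpcap file with Ethernet linktype")
    seen = Counter()
    off = 24  # skip the global header
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # skip truncated or non-IPv4 frames
            continue
        ip = pkt[14:14 + struct.unpack("!H", pkt[16:18])[0]]  # honour IP total length (drops padding)
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:  # not TCP
            continue
        src = ".".join(str(b) for b in ip[12:16])
        tcp = ip[ihl:]
        dport = struct.unpack("!H", tcp[2:4])[0]
        payload = tcp[(tcp[12] >> 4) * 4:]  # data offset is in 32-bit words
        for line in payload.split(b"\r\n"):
            if line.lower().startswith(b"user-agent:"):
                ua = line.split(b":", 1)[1].strip().decode("ascii", "replace")
                seen[(src, dport, ua)] += 1
    return seen
```

Feed extract_user_agents the bytes of a real packet log from the directory named above to get the same per-host tally for the traffic Suricata actually recorded.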