<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>There are EmergingThreats ICMP 'info' rules for logging ICMP
traffic (icmp_info.rules).<br>
</p>
Just enable the ones you want.<br>
<br>
-Coop<br>
<br>
<div class="moz-cite-prefix">On 10/3/2018 4:20 PM, Brian Kellogg
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOAzwcfXLZ6PsWLe94VYXuRMV5Wk4Nc0YzprT0Aa__CfgkPOzA@mail.gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">
<div>Trying to figure out how to log ICMP conns. Hoping someone
can clue me into something I'm missing to get ICMP logging
working?<br>
</div>
<div><br>
</div>
<div>I'm using "flow", not "netflow", for logging</div>
<div><br>
</div>
<div><br>
</div>
<div>thanks </div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Suricata IDS Users mailing list: <a class="moz-txt-link-abbreviated" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a>
Site: <a class="moz-txt-link-freetext" href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a class="moz-txt-link-freetext" href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a>
List: <a class="moz-txt-link-freetext" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>
Conference: <a class="moz-txt-link-freetext" href="https://suricon.net">https://suricon.net</a>
Trainings: <a class="moz-txt-link-freetext" href="https://suricata-ids.org/training/">https://suricata-ids.org/training/</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
<a class="moz-txt-link-abbreviated" href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042</pre>
</body>
</html>