<div><span style="background-color:rgb(255, 255, 255)"><span style="color:rgb(85, 85, 85)"><span style="font-family:monospace"><span style="font-size:14px">I was able to get Suricata's autoupdate system to work but am now having issues getting alerts generated - despite going on </span></span></span></span><a target="_blank" rel="noreferrer nofollow noopener" href="http://checkmyids.com/" style="background-color: rgb(255, 255, 255); font-family: monospace; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: pre-wrap; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">checkmyids.com</a><span style="background-color:rgb(255, 255, 255)"><span style="color:rgb(85, 85, 85)"><span style="font-family:monospace"><span style="font-size:14px">, using Tor, and running wget </span></span></span></span><a target="_blank" rel="noreferrer nofollow noopener" href="http://testmyids.com/" style="background-color: rgb(255, 255, 255); font-family: monospace; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: pre-wrap; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">testmyids.com</a><span style="background-color:rgb(255, 255, 255)"><span style="color:rgb(85, 85, 85)"><span style="font-family:monospace"><span style="font-size:14px"> and nmap from my pi w/ Suricata on it, nothing has been added to alerts:
</span></span></span></span><br></div><div><br></div><div><span style="background-color:rgb(255, 255, 255)"><span style="color:rgb(85, 85, 85)"><span style="font-family:monospace"><span style="font-size:14px">
</span></span></span></span><span>drwxr-xr-x 10 root root<span>      </span>4096 Feb<span>  </span>8 04:32 </span><span><b>BriarIDS</b></span><br></div><p><span>-rw-r-----<span>  </span>1 root root<span>  </span>25209352 Feb 12 16:42 eve.json</span><br></p><p><span>-rw-r-----<span>  </span>1 root root 140588547 Feb 11 06:25 eve.json.1</span><br></p><p><span>-rw-r-----<span>  </span>1 root root<span>    </span>315811 Feb<span>  </span>3 06:25 </span><span><b>eve.json.2.gz</b></span><br></p><p><span>-rw-r-----<span>  </span>1 root root <span>        </span>0 Feb 11 06:25 fast.log</span><br></p><p><span>-rw-r-----<span>  </span>1 root root <span>        </span>0 Feb 11 06:25 fast.log.1</span><br></p><p><span>-rw-r-----<span>  </span>1 root root<span>        </span>20 Feb<span>  </span>1 13:17 </span><span><b>fast.log.2.gz</b></span><br></p><p><span>-rw-r--r--<span>  </span>1 root root<span>        </span>39 Jan 15<span>  </span>2007 index.html</span><br></p><p><span>-rw-r-----<span>  </span>1 root root<span>  </span>13408670 Feb 12 16:42 stats.log</span><br></p><p><span>-rw-r-----<span>  </span>1 root root<span>  </span>74700748 Feb 11 06:25 stats.log.1</span><br></p><p><span>-rw-r-----<span>  </span>1 root root<span>    </span>212177 Feb<span>  </span>3 06:25 </span><span><b>stats.log.2.gz</b></span><br></p><p><span>-rw-r--r--<span>  </span>1 root root <span>      </span>224 Feb 12 06:27 suricata.log</span><br></p><p><span>-rw-r--r--<span>  </span>1 root root<span>      </span>1345 Feb 11 06:25 suricata.log.1</span><br></p><p><span>-rw-r--r--<span>  </span>1 root root <span>      </span>487 Feb<span>  </span>2 06:26 </span><span><b>suricata.log.2.gz</b></span><br></p><div><br></div><div>Is this a permissions issue? When I had a previous install of Suricata I would be able to see the alerts generated when I ran Tor - should I just start adding rules to the config file to try to create sample alerts? </div><div><br></div><div><br></div><div class="protonmail_signature_block"><div class="protonmail_signature_block-user">Sent from <a href="https://protonmail.ch">ProtonMail</a>, encrypted email based in Switzerland.<br></div><div><br></div><div class="protonmail_signature_block-proton">Sent with <a target="_blank" href="https://protonmail.com">ProtonMail</a> Secure Email.<br></div></div><div><br></div>