<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><br><div dir="ltr"><br>On 8 Apr 2019, at 02:48, Kaushal Shriyan <<a href="mailto:kaushalshriyan@gmail.com">kaushalshriyan@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">Hi Bjørn,<div><br></div><div>I do not have any specific requirement regarding NSM and I will appreciate if you can help me understand regarding NSM feature in Suricata. How is it configured and its use case with some examples. </div></div></div></blockquote><div><br></div><div>Just as an FYI </div><div>In the case of Suricata this NSM mode can log anything it sees but does not do any detection (via --disable-detection option). In that case all http/dns/ssh/smtp... etc logs will be available but not alerts. This mode is also very cheap in CPU / perf needs and is great if you need just logs/metadata visibility.</div><div><br></div><br><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div><br></div><div>Best Regards,</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Apr 7, 2019 at 10:46 PM Bjørn Ruberg <<a href="mailto:bjorn@ruberg.no">bjorn@ruberg.no</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 07.04.2019 17:39, Kaushal Shriyan wrote:<br>
> Hi Bjørn,<br>
> <br>
> NSM stands for Network Security Monitoring and if I understand it<br>
> correctly, its function is to monitor any malicious traffic. Please<br>
> correct me if I am understanding it completely wrong.<br>
<br>
No that's fine, but that is also basically what an IDS/IPS does.<br>
<br>
That is why I am wondering why you are asking about NSM in addition,<br>
after having configured Suricata for being an IDS/IPS. If you have any<br>
specific requirements from an NSM that Suricata currently doesn't offer,<br>
please mention them so we can help you reach your goal.<br>
<br>
-- <br>
Bjørn<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br>
Conference: <a href="https://suricon.net" rel="noreferrer" target="_blank">https://suricon.net</a><br>
Trainings: <a href="https://suricata-ids.org/training/" rel="noreferrer" target="_blank">https://suricata-ids.org/training/</a></blockquote></div>
</div></blockquote></body></html>