[Discussion] Suricata 2.0.1 logging

• Previous message (by thread): [Discussion] Suricata 2.0.1 Available!
• Next message (by thread): [Discussion] Suricata 2.0.1 logging
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fedora just upgraded their stable repos to Suricata 2.0.1 and now nothing is logged with the version 2 and IPS mode.  All logfiles are created and I "iptables -vL" the NFQUEUE is seeing packets in Suricata IPS repeat mode.  Everything looks correct and I parsed and updated the new suricata.yaml.rpmnew and renamed it to suricata.yaml then restarted Suricata.  I even deleted the old logfiles and let suricata create the new ones in either /var/log/suricata or /var/log/IPS.

Once again the logfiles are created by starting Suricata and waiting a minute but they are all blank except for stats.log.

If the NFQUEUE in Netfilter is seeing traffic, does that mean the IPS is working and it is a Suricata logging problem or if nothing is in drop.log, then it's not actively dropping packets?

I doubt it but could this be a bug?

Lance

• Previous message (by thread): [Discussion] Suricata 2.0.1 Available!
• Next message (by thread): [Discussion] Suricata 2.0.1 logging
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]