[Discussion] Suricata 2.0.1 logging
Lance Lassetter
lancelassetter at gmail.com
Mon May 26 16:32:53 UTC 2014
Would you like me to send my suricata.yaml?
Apologies for not posting inline. I emailed in a hurry this morning.
Lance
On May 26, 2014 8:01 AM, Victor Julien <lists at inliniac.net> wrote:
>
> Please keep the conversation on the list.
>
> On 05/26/2014 02:54 PM, Lance Lassetter wrote:
> > It is attached, thanks.
>
> It's clear that Suricata is not seeing any traffic. If you use the
> normal (non-REPEAT mode), does it work then?
>
> > On May 26, 2014 3:45 AM, Victor Julien <lists at inliniac.net> wrote:
> >>
> >> On 05/24/2014 05:12 PM, Lance Lassetter wrote:
> >>> Fedora just upgraded their stable repos to Suricata 2.0.1 and now nothing is logged with the version 2 and IPS mode. All logfiles are created and I "iptables -vL" the NFQUEUE is seeing packets in Suricata IPS repeat mode. Everything looks correct and I parsed and updated the new suricata.yaml.rpmnew and renamed it to suricata.yaml then restarted Suricata. I even deleted the old logfiles and let suricata create the new ones in either /var/log/suricata or /var/log/IPS.
> >>>
> >>> Once again the logfiles are created by starting Suricata and waiting a minute but they are all blank except for stats.log.
> >>
> >> Can you share a record of your stats.log?
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Discussion mailing list
> Discussion at lists.openinfosecfoundation.org
> https://lists.openinfosecfoundation.org/mailman/listinfo/discussion
More information about the Discussion
mailing list