[Oisf-users] IPS

Will Metcalf william.metcalf at gmail.com
Wed Jun 9 12:32:07 UTC 2010


In this example it should actually be...

 iptables -A FORWARD -p tcp --dport 80 -j NFQUEUE
 iptables -A FORWARD -p tcp --sport 80 -j NFQUEUE

You need to get both sides of the conversation for it to alert properly.

Regards,

Will
On Wed, Jun 9, 2010 at 6:29 AM, Victor Julien <victor at inliniac.net> wrote:
> Did you add the appropriate iptables rules?
>
> For example for getting port 80 to suricata:
>
> iptables -A FORWARD -p tcp --dport 80 -j NFQUEUE
>
> Cheers,
> Victor
>
> Anas.B wrote:
>>
>> Hello,
>>
>> I've just tested a nmap,
>>
>>  I noticed more unified files
>> and alerts in the file fast.log
>> new values in  alert-debug.log and stats.log
>>
>> that means it works !!
>>
>> But with the command ==> # suricata -c /etc/suricata/suricata.yaml -q 0
>>
>> I have no logs,
>> any suggestions
>>
>> thanks :)
>>
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
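As an added example (not code from any post in this thread), the following POSIX shell script emits the two FORWARD-chain rules Will describes, one per direction, and checks an `iptables -S FORWARD` dump for the return-path rule that the first reply left out. The queue number 0 (chosen to match `suricata -q 0`), the `--queue-num` option, the SURICATA_* environment variables and the sample ruleset dump are assumptions of this example, not something stated in the thread.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread: build the FORWARD-chain
# NFQUEUE rules for one TCP service port in both directions, and check a
# ruleset dump for the easily forgotten return path (--sport).
#
# Assumed here, not stated in the thread: queue number 0 (matching
# "suricata -q 0"), the FORWARD chain (routed traffic only; a host that is
# itself the endpoint would need INPUT/OUTPUT rules instead), and the
# NFQUEUE --queue-num option.

# Print the two rules that send both halves of a TCP conversation to the
# queue: client -> server matches on --dport, server -> client on --sport.
nfq_rules() {
    port="$1"
    queue="${2:-0}"
    printf 'iptables -A FORWARD -p tcp --dport %s -j NFQUEUE --queue-num %s\n' "$port" "$queue"
    printf 'iptables -A FORWARD -p tcp --sport %s -j NFQUEUE --queue-num %s\n' "$port" "$queue"
}

# Read the output of "iptables -S FORWARD" on stdin and report whether both
# directions for the port are queued. Prints "ok" and returns 0, or prints
# the missing direction(s) and returns 1.
check_both_directions() {
    port="$1"
    rules=$(cat)
    missing=""
    echo "$rules" | grep -q -- "--dport $port -j NFQUEUE" || missing="$missing dport"
    echo "$rules" | grep -q -- "--sport $port -j NFQUEUE" || missing="$missing sport"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
    return 0
}

# Constructed sample of "iptables -S FORWARD" output from a box where only
# the --dport rule was added (written for this example, not captured from a
# real host).
SAMPLE_ONE_WAY='-P FORWARD ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 0'

port="${SURICATA_PORT:-80}"
queue="${SURICATA_QUEUE:-0}"

if [ "${SURICATA_NFQ_APPLY:-0}" = "1" ]; then
    # Install the rules (needs root), then verify the live chain.
    nfq_rules "$port" "$queue" | sh -e
    iptables -S FORWARD | check_both_directions "$port"
else
    # Dry run: show the rules and demonstrate the check on the sample dump.
    nfq_rules "$port" "$queue"
    echo "$SAMPLE_ONE_WAY" | check_both_directions "$port" || true
fi
```

Without SURICATA_NFQ_APPLY=1 the script only prints the two rules and reports "missing: sport" for the one-way sample; with it, run as root, the rules are installed and the live FORWARD chain is checked. The check matches on the substrings `--dport PORT -j NFQUEUE` and `--sport PORT -j NFQUEUE`, which is how `iptables -S` renders the rules above.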


