[Oisf-users] not finding alerts

Victor Julien victor at inliniac.net
Tue Mar 27 07:06:37 UTC 2012

On 03/26/2012 04:04 PM, Giannis Tzagarakis wrote:
> Hello,
> I'm running suricata v1.2.1 on a trace file
> with a single rule file.
> (attack-responses.rules from VRT)
> While snort finds 9 alerts on this trace
> suricata finds 0.

The first thing that comes to mind would be checksums. In your
/var/log/suricata/stats.log check the tcp.invalid_checksum counter.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
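
Added example, not part of the original message: one way to read the tcp.invalid_checksum counter out of stats.log, summing it over all threads in the most recent dump. The "name | thread | value" row layout, the "Date:" line opening each dump, and the thread names in the sample are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Sum one stats.log counter over all threads in the latest dump.
# Assumed layout: "name | thread | value" rows, "Date:" opens each dump.
latest_counter() {   # $1 = counter name, $2 = path to stats.log
    awk -F'|' -v want="$1" '
        /^Date:/ { sum = 0; next }       # new dump: drop older totals
        NF == 3 {
            name = $1; val = $3
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
            if (name == want) sum += val
        }
        END { print sum + 0 }            # prints 0 if counter is absent
    ' "$2"
}

checksum_report() {  # $1 = path to stats.log
    bad=$(latest_counter tcp.invalid_checksum "$1")
    if [ "$bad" -gt 0 ]; then
        echo "tcp.invalid_checksum=$bad: packets with bad TCP checksums were seen"
    else
        echo "tcp.invalid_checksum=0: no bad TCP checksums counted"
    fi
}

# Constructed sample (two dumps, two stream threads), not real output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-------------------------------------------------------------------
Date: 3/26/2012 -- 16:00:08 (uptime: 0d, 00h 00m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Decode1                   | 400
tcp.invalid_checksum      | Stream1                   | 10
tcp.invalid_checksum      | Stream2                   | 5
-------------------------------------------------------------------
Date: 3/26/2012 -- 16:00:16 (uptime: 0d, 00h 00m 16s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Decode1                   | 900
tcp.invalid_checksum      | Stream1                   | 40
tcp.invalid_checksum      | Stream2                   | 17
EOF
checksum_report "$sample"
rm -f "$sample"
```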
