[Oisf-users] Suricata Inline
john.jones.here at gmail.com
Sat Mar 23 23:00:03 UTC 2013
Hi,

I've just installed Suricata in inline mode and have confirmed that it
is working OK by testing my own drop rule.

I'm new to IPS and I'm a little confused.

At present I have been updating the rule files using Oinkmaster which is
also running fine.

The vast majority of rules defined seem to have the action 'alert'. Do I
need to individually modify rules to 'drop' via Oinkmaster before
Suricata will actively start protecting the network, or is it already
doing so?

How do I know if it's actually doing anything? The fast.log shows lots
of activity, but I get the impression it is just showing alerts as
opposed to doing anything.

Apologies for the noob questions :(

Thanks,
John
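The post asks whether rules whose action is 'alert' will block anything in inline mode, and how to see what the ruleset would actually do. The following is an added example, not code from the post, from Suricata or from Oinkmaster: it counts the actions present in a rules file and rewrites the action of a chosen set of SIDs from 'alert' to 'drop', leaving commented-out rules and rules with other actions (such as 'pass') untouched. The sample rules and SIDs are constructed for the example; the function names are my own.

```python
import re

# Constructed sample of a Suricata rules file (not from the post or any real ruleset).
SAMPLE_RULES = """\
# a commented-out rule is never touched
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE one"; sid:1000001; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE two"; sid:1000002; rev:2;)
pass ip 10.0.0.0/8 any -> any any (msg:"EXAMPLE pass"; sid:1000003; rev:1;)
#alert tcp any any -> any 80 (msg:"EXAMPLE disabled"; sid:1000004; rev:1;)
alert tcp any any -> any 443 (msg:"EXAMPLE three"; sid:1000005; rev:1;)
"""

# Matches the sid option inside a rule body, e.g. "sid:1000001;".
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Matches a rule whose action keyword is 'alert' (optionally indented).
ALERT_ACTION_RE = re.compile(r"^(\s*)alert\b")
# Any rule's leading action keyword, used for counting.
ANY_ACTION_RE = re.compile(r"^\s*([a-z]+)\b")


def is_active_rule(line):
    """True for a non-empty, non-commented rule line."""
    stripped = line.lstrip()
    return bool(stripped) and not stripped.startswith("#")


def count_actions(rules_text):
    """Count how many active rules use each action keyword.

    In inline mode only 'drop' (and 'reject') rules affect traffic; a
    ruleset that is all 'alert' will log and nothing more.
    """
    counts = {}
    for line in rules_text.splitlines():
        if not is_active_rule(line):
            continue
        m = ANY_ACTION_RE.match(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


def convert_to_drop(rules_text, drop_sids):
    """Rewrite 'alert' to 'drop' for the given SIDs.

    Returns (new_rules_text, list_of_changed_sids). Commented-out rules and
    rules that already use another action are left exactly as they are.
    """
    wanted = {int(s) for s in drop_sids}
    out_lines = []
    changed = []
    for line in rules_text.splitlines():
        if is_active_rule(line):
            m = SID_RE.search(line)
            if m and int(m.group(1)) in wanted and ALERT_ACTION_RE.match(line):
                line = ALERT_ACTION_RE.sub(r"\1drop", line, count=1)
                changed.append(int(m.group(1)))
        out_lines.append(line)
    return "\n".join(out_lines) + "\n", changed


if __name__ == "__main__":
    print("before:", count_actions(SAMPLE_RULES))
    new_text, changed = convert_to_drop(SAMPLE_RULES, [1000001, 1000003, 1000004, 1000005])
    print("changed SIDs:", changed)
    print("after:", count_actions(new_text))
    print(new_text)
```

Run against a real rules file, the 'before' count makes the situation in the post concrete: if every rule is 'alert', the inline sensor is logging but not blocking. Converting only a reviewed list of SIDs, rather than the whole file, is the usual way to avoid dropping legitimate traffic on rules that were tuned for detection rather than prevention.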