[Oisf-users] Suricata inline - rule matching stops
Özkan KIRIK
ozkan.kirik at gmail.com
Thu May 22 13:13:14 UTC 2014
Hi,
I am running the Suricata 2.0 release in inline mode on FreeBSD.
There is a single rule, as below:
drop tls any any -> any any (msg:"SSL: vtunnel.com"; tls.subject:" vtunnel.com"; sid:3230059; rev:1;)
At start, everything is fine. I can see drop events on fast.log.
After a while (about 2 minutes) Suricata gives up dropping packets. No
packets match the rule, although I tried to connect to vtunnel.com via https, but
all traffic is forwarded.
No threshold is configured in the yaml file.
How can I debug this problem?
Best regards,