[Oisf-users] Trouble with suricata
Sergey Malinkin
malinkinsa at gmail.com
Thu Jun 2 06:26:49 UTC 2016
Hello, I have a problem.
We cloned a VM with Suricata 3, but Suricata does not catch anything: fast.log
and ssh.json are empty. In the original place (where the VM was copied from),
Suricata works fine.
If I run tcpdump I can see the mirrored traffic. For example, I test with the
following rule:
alert tcp $HOME_NET any -> $HOME_NET any (msg:"SSH in internal net";
flow:established, to_server; content: "SSH-"; sid:100999; rev:1;)
I connect to the VM and to another Unix PC, and nothing shows up in fast.log or ssh.json.
From suricata.yaml:
  - fast:
      enabled: yes
      filename: fast.log
      append: yes
      #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
  - eve-log:
      enabled: yes
      type: file
      filename: ssh.json
      types:
        - ssh
Maybe you know what to do?
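One check worth running after cloning, added here as an example and not part of the original post: the rule header is $HOME_NET any -> $HOME_NET any, so both endpoints of the SSH connection must fall inside HOME_NET as defined in the vars section of suricata.yaml, or the rule cannot fire no matter what tcpdump shows. The script below evaluates that for a rule and a pair of addresses; the HOME_NET value and the addresses it uses are assumed samples.

```python
import ipaddress
import re

# Constructed HOME_NET value (assumed, not from the original post); it is the
# group Suricata ships as its default.  A clone may inherit something narrower.
DEFAULT_VARS = {"HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"}

# The rule from the post; only its header (addresses and direction) is evaluated.
RULE = ('alert tcp $HOME_NET any -> $HOME_NET any (msg:"SSH in internal net"; '
        'flow:established, to_server; content: "SSH-"; sid:100999; rev:1;)')
# Header layout: action proto src sport -> dst dport ( ...; groups contain no spaces.
HEADER_RE = re.compile(r"^\w+\s+\w+\s+(\S+)\s+\S+\s+->\s+(\S+)\s+\S+\s+\(")


def split_top_level(text):
    """Split an address group on commas that are outside nested [...] groups."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(text + ","):
        depth += {"[": 1, "]": -1}.get(ch, 0)
        if ch == "," and depth == 0:
            parts.append(text[start:i].strip())
            start = i + 1
    return [p for p in parts if p]


def addr_matches(spec, ip, variables):
    """True if ip is covered by 'any', '$VAR', '!spec', '[a,b,!c]' or a CIDR.
    Inside a group, positives are OR'ed and negations exclude (Suricata semantics)."""
    spec = spec.strip()
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip, variables)
    if spec.startswith("$"):
        return addr_matches(variables[spec[1:]], ip, variables)
    if spec.startswith("[") and spec.endswith("]"):
        parts = split_top_level(spec[1:-1])
        positives = [p for p in parts if not p.startswith("!")]
        negatives = [p[1:] for p in parts if p.startswith("!")]
        in_pos = not positives or any(addr_matches(p, ip, variables) for p in positives)
        return in_pos and not any(addr_matches(n, ip, variables) for n in negatives)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def rule_can_match(rule, variables, src_ip, dst_ip):
    """True if the rule header admits a src_ip -> dst_ip packet; ports and payload
    options (flow, content) are not evaluated, only the two address groups."""
    m = HEADER_RE.match(rule)
    if not m:
        raise ValueError("unrecognised rule header")
    src_spec, dst_spec = m.groups()
    return addr_matches(src_spec, src_ip, variables) and addr_matches(dst_spec, dst_ip, variables)
```

Run it with the HOME_NET from the cloned VM's suricata.yaml and the real client and server addresses; a False result means the rule can never alert on that connection regardless of the output configuration.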