[Oisf-users] What is: SURICATA Applayer Detect protocol only one direction
Andreas Herz
andi at geekosphere.org
Sat Jun 4 23:40:20 UTC 2016
On 03/06/16 at 08:55, Caesar Samsi wrote:
> Hi there,
>
> Now that I have Suricata up and running, I’m trying to decipher some of the fast.log lines.
>
> I get a lot of the above log entries: SURICATA Applayer Detect protocol only one direction
>
> I see it’s a priority 3 (I’m assuming this is a threat level, and 3 is low).
>
> So is it safe to disable it?
Well, it's not unsafe, but take a look at it, since it looks like you just
get one direction of your traffic, which makes it hard for Suricata to
investigate the flow.
Can you describe your setup a little more?
> Thank you, Caesar.
--
Andreas Herz
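
An added example, not part of the original e-mail or of Suricata itself: one way to measure how widespread this event is in fast.log before deciding whether to disable it. It assumes the default single-line fast.log layout; the sample lines, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

EVENT = "SURICATA Applayer Detect protocol only one direction"

# fast.log: ts  [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src:sp -> dst:dp
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r".*?\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)

# Constructed sample input (documentation address ranges), not real traffic.
TAIL = "[**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} "
SAMPLE = [
    f"06/03/2016-08:55:01.000001  [**] [1:2260002:1] {EVENT} {TAIL}192.0.2.10:51234 -> 198.51.100.5:80",
    f"06/03/2016-08:55:02.000001  [**] [1:2260002:1] {EVENT} {TAIL}192.0.2.10:51240 -> 198.51.100.5:80",
    f"06/03/2016-08:55:03.000001  [**] [1:2260002:1] {EVENT} {TAIL}198.51.100.5:443 -> 192.0.2.11:40222",
    f"06/03/2016-08:55:04.000001  [**] [1:2260002:1] {EVENT} {TAIL}192.0.2.12:51300 -> 203.0.113.7:80",
    f"06/03/2016-08:55:05.000001  [**] [1:1000001:1] LOCAL constructed rule {TAIL}192.0.2.10:5555 -> 203.0.113.7:22",
    "truncated or unrelated line",
]

def summarize(lines):
    """Count the one-direction event per host pair and per destination port."""
    total = hits = 0
    pairs, ports = Counter(), Counter()
    for line in lines:
        m = FAST_RE.match(line.strip())
        if not m:
            continue              # skip anything that is not a fast.log alert line
        total += 1
        if m["msg"] != EVENT:
            continue
        hits += 1
        # Unordered pair, so both directions of one conversation count together.
        pairs[tuple(sorted((m["src"], m["dst"])))] += 1
        ports[(m["proto"], int(m["dport"]))] += 1
    return {
        "alerts": total,
        "one_direction": hits,
        "share": hits / total if total else 0.0,
        "pairs": pairs.most_common(5),
        "ports": ports.most_common(5),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Events spread across many unrelated host pairs are consistent with the capture point seeing only one direction of traffic, which is the setup question raised in the reply; events clustered on a few pairs point at those specific paths instead.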