[Oisf-users] What is: SURICATA Applayer Detect protocol only one direction

Andreas Herz andi at geekosphere.org
Sat Jun 4 23:40:20 UTC 2016

On 03/06/16 at 08:55, Caesar Samsi wrote:
> Hi there,
> Now that I have Suricata up and running, I’m trying to decipher some of the fast.log lines.
> I get a lot of the above log entries: SURICATA Applayer Detect protocol only one direction
> I see it’s a priority 3 (I’m assuming this is a threat level, and 3 is low).
> So is it safe to disable it?

Well it's not unsafe but take a look at it, since it looks like you just
get one direction of your traffic which makes it hard for suricata to
investigate the flow.

Can you describe your setup a little more?

> Thank you, Caesar.

> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net

Andreas Herz

More information about the Oisf-users mailing list