[Oisf-users] What is: SURICATA Applayer Detect protocol only one direction

Anoop Saldanha anoopsaldanha at gmail.com
Tue Jun 7 13:44:49 UTC 2016


On Sun, Jun 5, 2016 at 5:10 AM, Andreas Herz <andi at geekosphere.org> wrote:
> On 03/06/16 at 08:55, Caesar Samsi wrote:
>> Hi there,
>>
>> Now that I have Suricata up and running, I’m trying to decipher some of the fast.log lines.
>>
>> I get a lot of the above log entries: SURICATA Applayer Detect protocol only one direction
>>
>> I see it’s a priority 3 (I’m assuming this is a threat level, and 3 is low).
>>
>> So is it safe to disable it?
>

It means that it is able to detect the protocol for only one direction
of a flow.  I would investigate and see what these flows in question
are.

> Well it's not unsafe but take a look at it, since it looks like you just
> get one direction of your traffic which makes it hard for suricata to
> investigate the flow.
>
> Can you describe your setup a little more?
>
>> Thank you, Caesar.
>
-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
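Both replies above come down to the same advice: find out which flows are raising this alert before deciding whether to silence it. The script below is an added example (not from the thread or from the Suricata project) that parses fast.log lines in the single-line format shown in the question, keeps only the "SURICATA Applayer Detect protocol only one direction" alerts, and aggregates them by destination service and by source host. The sample log lines are constructed; the gid/sid values in them are assumptions (the code matches on the message text, not the sid), and the parser assumes IPv4 addresses.

```python
import re
from collections import Counter

# Message text of the alert discussed in the thread.
ONE_DIRECTION_MSG = "SURICATA Applayer Detect protocol only one direction"

# Layout of one fast.log line (IPv4 assumed; single-line format as in the question):
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: <cls>] [Priority: <n>] {<proto>} <src>:<sport> -> <dst>:<dport>
FASTLOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?):(?P<sport>\d+)\s+->\s+(?P<dst>\S+?):(?P<dport>\d+)\s*$"
)


def parse_fastlog_line(line):
    """Return a dict of fields for one fast.log line, or None if it does not parse."""
    m = FASTLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["priority"] = int(rec.pop("prio"))
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def summarize_one_direction(lines):
    """Count 'only one direction' alerts per destination service and per source host.

    Lines that do not parse are counted in 'unparsed' rather than raising, so a
    real fast.log with the occasional odd line can be fed in as-is.
    """
    summary = {"total": 0, "by_service": Counter(), "by_src": Counter(), "unparsed": 0}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fastlog_line(line)
        if rec is None:
            summary["unparsed"] += 1
            continue
        if rec["msg"] != ONE_DIRECTION_MSG:
            continue
        summary["total"] += 1
        summary["by_service"][(rec["proto"], rec["dst"], rec["dport"])] += 1
        summary["by_src"][rec["src"]] += 1
    return summary


# Constructed sample fast.log content: three one-direction alerts, one unrelated
# alert, and one malformed line. The sid values are assumptions, not taken from a
# real rule file.
SAMPLE_FASTLOG = """\
06/03/2016-08:55:01.123456  [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.10:51234 -> 198.51.100.20:443
06/03/2016-08:55:02.654321  [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.11:40210 -> 198.51.100.20:443
06/03/2016-08:55:03.000001  [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.10:51300 -> 198.51.100.30:80
06/03/2016-08:55:04.111111  [**] [1:9000001:1] EXAMPLE unrelated alert [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.12:1024 -> 198.51.100.40:25
this line is not in fast.log format and is skipped
"""

if __name__ == "__main__":
    s = summarize_one_direction(SAMPLE_FASTLOG.splitlines())
    print(f"{s['total']} one-direction alerts, {s['unparsed']} unparsed line(s)")
    print("by destination service:")
    for (proto, dst, dport), n in s["by_service"].most_common():
        print(f"  {n:4d}  {proto} {dst}:{dport}")
    print("by source host:")
    for src, n in s["by_src"].most_common():
        print(f"  {n:4d}  {src}")
```

Run it against a real fast.log with `summarize_one_direction(open("/var/log/suricata/fast.log"))`. If the alert clusters on a handful of services and fires for nearly every connection to them, that points at the capture rather than the traffic: Suricata is most likely seeing only one side of those sessions (a span port or tap feeding a single direction), which is the situation the second reply describes, and fixing the capture is a better answer than disabling the rule.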


