[Oisf-users] Suricata not logging drops
Victor Julien
lists at inliniac.net
Mon Oct 10 08:16:18 UTC 2016
On 09-10-16 21:59, Michael Stone wrote:
> On Sun, Oct 09, 2016 at 09:43:16PM +0200, Andreas Herz wrote:
>> Can you also be specific about _how_ you run suricata?
>> So NFQUEUE or AF_PACKET IPS mode?
>
> --af-packet has the problem, --pcap does not
I'm a bit confused here. You mention 'dropping', so that implies IPS
mode. Yet the yaml shows no AF_PACKET IPS settings, and --pcap doesn't
support IPS at all.
If not using IPS mode, what do you expect 'drop' to log?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
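For reference, an added example (not part of the original message or the poster's configuration) of the AF_PACKET IPS settings the reply says are missing from the yaml, together with drop logging in EVE. The interface names eth0/eth1, the cluster-id values and the file name are assumptions.

```yaml
# suricata.yaml fragment (constructed example; eth0/eth1 are assumed names).
# With only "- interface: eth0" and no copy-mode, --af-packet runs as a
# passive IDS: a "drop" rule cannot block anything, so no drop is logged.
af-packet:
  # Inline pair: traffic arriving on eth0 is copied to eth1, and back.
  - interface: eth0
    threads: 1              # must be the same on both interfaces of the pair
    cluster-id: 98          # assumed value, must differ per interface
    cluster-type: cluster_flow
    defrag: no
    use-mmap: yes
    copy-mode: ips          # ips: dropped packets are not copied; tap: all are
    copy-iface: eth1
  - interface: eth1
    threads: 1
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: no
    use-mmap: yes
    copy-mode: ips
    copy-iface: eth0

outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert
        - drop:
            alerts: yes     # include the alert that caused the drop
```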