[Oisf-users] Suricata Heartbeat Alert
Jason Ish
ish at unx.ca
Mon Jul 31 22:22:05 UTC 2017
On Fri, Jul 28, 2017 at 8:38 AM, Jason Ish <ish at unx.ca> wrote:
> On 2017-07-28 07:37 AM, Charles Devoe wrote:
>
>> Is there a way to have Suricata create a heartbeat alert? This alert
>> would be a dummy alert and would be used to let us know that the Suricata
>> system is up and working and all of our ancillary functions are also
>> working.
>>
>
> No, Suricata does not support this. I know others have accomplished this
> by using a custom rule and periodically injecting a special packet into
> their network as a heartbeat. This is more a complete test as it tests the
> actual packet reception by the monitoring system as well.
Or, if using eve, just look for the stats event record that is published
periodically. Its presence alone could be used to tell you that Suricata is
alive. Values within it can be used to see if packets are actually being
read.
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170731/324de6e1/attachment-0002.html>
More information about the Oisf-users
mailing list