[Oisf-users] Dropped Traffic Help

Victor Julien lists at inliniac.net
Thu Nov 2 12:06:25 UTC 2017


On 02-11-17 11:53, Phil Daws wrote:
> Good day,
> 
> I am trying to run a task on my Wordpress site but it keeps failing and
> was unsure why.  Have looked at my Suricata eve.json file and see the
> following:
> 
> {"timestamp":"2017-11-02T10:45:00.965916+0000","flow_id":140715104969808,"event_type":"drop","src_ip":"192.168.1.56","src_port":53176,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","drop":{"len":266,"tos":0,"ttl":63,"ipid":32780,"tcpseq":3070513294,"tcpack":2284897518,"tcpwin":115,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}}
> 
> What is this message telling me about the drop as no rule is being shown?
> 

One option is that there is a 'noalert' rule that is set to drop. It
will not generate alerts, but it will drop. To see these make sure to
enable this option:

https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L224

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
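An added example, not part of the thread or of Suricata itself: a small Python script that joins eve.json drop events to alert events by flow_id, so drops with no matching alert (the symptom above, which is what a drop rule with `noalert` produces) can be listed for follow-up. The first sample line is the drop event quoted in the question; the alert and second drop line, including their flow_id, signature_id and rule name, are constructed.

```python
import json
from collections import defaultdict

# Constructed eve.json excerpt. Line 1 is the drop event from the question;
# lines 2 and 3 are made up to show a drop that an alert does explain.
SAMPLE_EVE = """\
{"timestamp":"2017-11-02T10:45:00.965916+0000","flow_id":140715104969808,"event_type":"drop","src_ip":"192.168.1.56","src_port":53176,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","drop":{"len":266,"tos":0,"ttl":63,"ipid":32780,"tcpseq":3070513294,"tcpack":2284897518,"tcpwin":115,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}}
{"timestamp":"2017-11-02T10:46:10.000000+0000","flow_id":1111,"event_type":"alert","src_ip":"192.168.1.56","src_port":40000,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"blocked","signature_id":2000001,"rev":1,"signature":"EXAMPLE drop rule (constructed)","category":"Example"}}
{"timestamp":"2017-11-02T10:46:10.000100+0000","flow_id":1111,"event_type":"drop","src_ip":"192.168.1.56","src_port":40000,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","drop":{"len":60}}
"""


def classify_drops(eve_text):
    """Split drop events into those explained by an alert on the same flow
    and those with no alert at all (e.g. a 'noalert' drop rule)."""
    alerts_by_flow = defaultdict(list)
    drops = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "alert":
            alerts_by_flow[ev["flow_id"]].append(ev["alert"])
        elif ev.get("event_type") == "drop":
            drops.append(ev)

    result = {"explained": [], "unexplained": []}
    for ev in drops:
        sigs = alerts_by_flow.get(ev["flow_id"], [])
        summary = {
            "flow_id": ev["flow_id"],
            "src": "%s:%s" % (ev["src_ip"], ev["src_port"]),
            "dest": "%s:%s" % (ev["dest_ip"], ev["dest_port"]),
            "proto": ev["proto"],
            "signature_ids": [a["signature_id"] for a in sigs],
        }
        result["explained" if sigs else "unexplained"].append(summary)
    return result


if __name__ == "__main__":
    report = classify_drops(SAMPLE_EVE)
    for d in report["unexplained"]:
        print("drop with no alert: flow %s %s -> %s/%s"
              % (d["flow_id"], d["src"], d["dest"], d["proto"]))
    for d in report["explained"]:
        print("drop explained by sid(s) %s: flow %s"
              % (d["signature_ids"], d["flow_id"]))
```

Run it against a real eve.json with `classify_drops(open("eve.json").read())`; any flow in the "unexplained" list is a candidate for the situation Victor describes.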