[Oisf-users] Dropped Traffic Help

Phil Daws uxbod at splatnix.net
Thu Nov 2 12:27:14 UTC 2017


Hi Victor,

I guess this was introduced in v4, as I am currently running v3?

Thanks - Phil

----- On 2 Nov, 2017, at 12:06, Victor Julien lists at inliniac.net wrote:

> On 02-11-17 11:53, Phil Daws wrote:
>> Good day,
>> 
>> I am trying to run a task on my Wordpress site but it keeps failing and
>> was unsure why. Have looked at my Suricata eve.json file and see the
>> following:
>> 
>> {"timestamp":"2017-11-02T10:45:00.965916+0000","flow_id":140715104969808,"event_type":"drop","src_ip":"192.168.1.56","src_port":53176,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","drop":{"len":266,"tos":0,"ttl":63,"ipid":32780,"tcpseq":3070513294,"tcpack":2284897518,"tcpwin":115,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}}
>> 
>> What is this message telling me about the drop, as no rule is being shown?
>> 
> 
> One option is that there is a 'noalert' rule that is set to drop. It
> will not generate alerts, but it will drop. To see these make sure to
> enable this option:
> 
> https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L224
> 
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
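As an added example (not part of this thread and not Suricata's own tooling), the following Python script shows one way to triage the situation Phil describes: it reads eve.json line by line, groups events by `flow_id`, and reports `drop` events for which no `alert` event exists on the same flow. A drop that is paired with an alert came from an ordinary drop rule; a drop with no alert at all is the case Victor points at, such as a rule with `noalert` whose action is drop. The sample log is constructed for this example: the first line is the drop event quoted above, the other two are an invented alert/drop pair with a made-up signature id.

```python
import json
from collections import defaultdict

# Constructed sample eve.json content. Line 1 is the drop event from the
# thread; lines 2-3 are an invented alert + drop pair on a second flow.
SAMPLE_EVE = r'''
{"timestamp":"2017-11-02T10:45:00.965916+0000","flow_id":140715104969808,"event_type":"drop","src_ip":"192.168.1.56","src_port":53176,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","drop":{"len":266,"tos":0,"ttl":63,"ipid":32780,"tcpseq":3070513294,"tcpack":2284897518,"tcpwin":115,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}}
{"timestamp":"2017-11-02T10:46:10.000000+0000","flow_id":1001,"event_type":"alert","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,"signature":"EXAMPLE constructed drop rule","category":"Example","severity":3}}
{"timestamp":"2017-11-02T10:46:10.000100+0000","flow_id":1001,"event_type":"drop","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","drop":{"len":100}}
'''


def parse_eve(text):
    """Parse newline-delimited eve.json records, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A truncated line (e.g. log rotation mid-write) should not abort triage.
            continue
    return events


def alerts_by_flow(events):
    """Map flow_id -> list of alert events seen on that flow."""
    index = defaultdict(list)
    for ev in events:
        if ev.get("event_type") == "alert":
            index[ev.get("flow_id")].append(ev)
    return index


def unexplained_drops(events):
    """Return drop events whose flow_id has no alert event anywhere in the log.

    These are the drops an analyst cannot attribute to a logged signature,
    which is where a 'noalert' drop rule would show up.
    """
    alerted = alerts_by_flow(events)
    return [ev for ev in events
            if ev.get("event_type") == "drop" and ev.get("flow_id") not in alerted]


def explained_drops(events):
    """Return (drop_event, signature_name) pairs for drops that do have an alert."""
    alerted = alerts_by_flow(events)
    pairs = []
    for ev in events:
        if ev.get("event_type") == "drop" and ev.get("flow_id") in alerted:
            sig = alerted[ev["flow_id"]][0].get("alert", {}).get("signature", "?")
            pairs.append((ev, sig))
    return pairs


def describe(ev):
    """One-line summary of a drop/alert event's 5-tuple and timestamp."""
    return (f"{ev['timestamp']} {ev['src_ip']}:{ev['src_port']} -> "
            f"{ev['dest_ip']}:{ev['dest_port']} {ev['proto']}")


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    for ev, sig in explained_drops(evs):
        print(f"flow {ev['flow_id']} dropped by rule '{sig}': {describe(ev)}")
    for ev in unexplained_drops(evs):
        print(f"flow {ev['flow_id']} dropped with NO alert on record: {describe(ev)}")
```

On a real deployment, replace `SAMPLE_EVE` with the contents of the eve.json file and run the script after the failing task has been retried, so that the drop and any matching alert fall inside the same log window. Flows reported as unexplained are the ones to check against the rule set for `noalert` drop rules, or to re-check after enabling the logging option Victor refers to.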
