[Oisf-users] Dropped Traffic Help

Victor Julien lists at inliniac.net
Thu Nov 2 12:46:48 UTC 2017


On 02-11-17 13:27, Phil Daws wrote:
> I guess this was introduced in v4 as I am currently running v3?

It was added in 3.1.2.

Cheers,
Victor

> 
> Thanks - Phil
> 
> ----- On 2 Nov, 2017, at 12:06, Victor Julien lists at inliniac.net wrote:
> 
>> On 02-11-17 11:53, Phil Daws wrote:
>>> Good day,
>>>
>>> I am trying to run a task on my WordPress site but it keeps failing and I
>>> was unsure why. I have looked at my Suricata eve.json file and see the
>>> following:
>>>
>>> {"timestamp":"2017-11-02T10:45:00.965916+0000","flow_id":140715104969808,"event_type":"drop","src_ip":"192.168.1.56","src_port":53176,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","drop":{"len":266,"tos":0,"ttl":63,"ipid":32780,"tcpseq":3070513294,"tcpack":2284897518,"tcpwin":115,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}}
>>>
>>> What is this message telling me about the drop, as no rule is being shown?
>>>
>>
>> One option is that there is a 'noalert' rule that is set to drop. It
>> will not generate alerts, but it will drop. To see these make sure to
>> enable this option:
>>
>> https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L224
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
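A defender-side triage check, added here as an example and not taken from the thread or from Suricata itself: it reads eve.json records, pairs each drop event with alert events on the same flow_id, and separates drops that a logged rule explains from drops that have no alert at all, the silent case Victor describes. The records are constructed samples; the field names (event_type, flow_id, alert.signature_id) are standard eve fields.

```python
import json
from collections import defaultdict

# Constructed eve.json sample (not from the thread): flow 1 is dropped by a rule
# that also alerts, flow 140715104969808 is dropped with no alert on its flow,
# and flow 2 only alerts.
SAMPLE_EVE = """\
{"timestamp":"2017-11-02T10:44:59.000000+0000","flow_id":1,"event_type":"alert","src_ip":"192.168.1.56","src_port":53170,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","alert":{"action":"blocked","signature_id":2000001,"signature":"CONSTRUCTED drop rule"}}
{"timestamp":"2017-11-02T10:44:59.100000+0000","flow_id":1,"event_type":"drop","src_ip":"192.168.1.56","src_port":53170,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","drop":{"len":100}}
{"timestamp":"2017-11-02T10:45:00.965916+0000","flow_id":140715104969808,"event_type":"drop","src_ip":"192.168.1.56","src_port":53176,"dest_ip":"69.46.36.28","dest_port":443,"proto":"TCP","drop":{"len":266}}
{"timestamp":"2017-11-02T10:45:01.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":2000002,"signature":"CONSTRUCTED informational"}}
"""

def parse_eve(text):
    """Parse newline-delimited eve.json, skipping blank or truncated lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # eve.json is appended live; a half-written tail line is normal
    return events

def classify_drops(events):
    """Split drop events into (explained, unexplained) by flow_id.

    A drop is explained when an alert event shares its flow_id (its signature_id
    is attached). A drop with no alert on its flow is what a 'noalert' drop rule
    produces, which is the case the thread describes.
    """
    alerts_by_flow = defaultdict(set)
    for ev in events:
        if ev.get("event_type") == "alert":
            alerts_by_flow[ev["flow_id"]].add(ev["alert"]["signature_id"])
    explained, unexplained = [], []
    for ev in events:
        if ev.get("event_type") != "drop":
            continue
        summary = {
            "flow_id": ev["flow_id"],
            "timestamp": ev["timestamp"],
            "tuple": f'{ev["src_ip"]}:{ev["src_port"]} -> {ev["dest_ip"]}:{ev["dest_port"]}/{ev["proto"]}',
            "sids": sorted(alerts_by_flow.get(ev["flow_id"], ())),
        }
        (explained if summary["sids"] else unexplained).append(summary)
    return explained, unexplained
```

Run it over a real eve.json with `classify_drops(parse_eve(open("eve.json").read()))`; anything in the unexplained list is a flow worth checking against your drop rules for `noalert` before suspecting the application itself.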



