[Oisf-users] TCP connection timeouts with suricata 4.0.3

Andreas Herz andi at geekosphere.org
Thu Feb 1 23:02:38 UTC 2018


On 01/02/18 at 02:48, Gareth Parks wrote:
> I have observed the situation using tcpdump on both the server running
> suricata and the server it is trying to reach and neither registers
> the packet which suggests that the packet is put on the nfqueue for
> suricata to consume, it does so and never outputs it. Given that it is
> running in IPS mode I thought the packets were being dropped but on
> enabling the drop log no events were logged to it.

Try to observe the stats.log since there might be drops that are not
related to drop rules and thus won't show up in the drop.log.

So if the drop counter in stats.log increases it might be easier to
debug. If not, we need to extend the debug process IMHO.

-- 
Andreas Herz
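
One way to do the stats.log check suggested above, as an added example that is not part of the original message or of Suricata itself: it parses consecutive stats.log dumps and reports drop-like counters that grew between them. The sample dumps and their values are constructed, and the name pattern used to pick "drop-like" counters is an assumption to adjust for your build.

```python
import re

# Constructed sample: two consecutive dumps in the stats.log table layout.
# Counter values are made up for illustration, not taken from the thread.
SEP = "-" * 70
SAMPLE = "\n".join([
    SEP, "Date: 2/1/2018 -- 22:50:00 (uptime: 0d, 00h 10m 00s)", SEP,
    "Counter                      | TM Name     | Value", SEP,
    "ips.accepted                 | Total       | 1200",
    "ips.blocked                  | Total       | 3",
    SEP, "Date: 2/1/2018 -- 22:50:08 (uptime: 0d, 00h 10m 08s)", SEP,
    "Counter                      | TM Name     | Value", SEP,
    "ips.accepted                 | Total       | 1250",
    "ips.blocked                  | Total       | 17",
    "tcp.ssn_memcap_drop          | Total       | 0",
    "tcp.segment_memcap_drop      | Total       | 4",
])

ROW = re.compile(r"^(\S+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")
# Assumption: counters whose name contains one of these words indicate loss.
DROP_LIKE = re.compile(r"drop|blocked|rejected", re.I)

def parse_dumps(text):
    """Split stats.log text into a list of (timestamp, {counter: value})."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            dumps.append((line[5:].split("(")[0].strip(), {}))
            continue
        m = ROW.match(line)
        # Only the aggregated "Total" rows are used (per-thread rows skipped).
        if m and dumps and m.group(2) == "Total":
            dumps[-1][1][m.group(1)] = int(m.group(3))
    return dumps

def rising_drop_counters(text):
    """Return [(timestamp, counter, delta)] for drop-like counters that grew."""
    dumps = parse_dumps(text)
    rising = []
    for (_, prev), (ts, cur) in zip(dumps, dumps[1:]):
        for name, value in cur.items():
            # A counter missing from the earlier dump is treated as 0.
            delta = value - prev.get(name, 0)
            if delta > 0 and DROP_LIKE.search(name):
                rising.append((ts, name, delta))
    return rising

if __name__ == "__main__":
    for ts, name, delta in rising_drop_counters(SAMPLE):
        print(f"{ts}  {name}  +{delta}")
```

A rising memcap or stream counter with an empty drop.log points at engine-level drops rather than rule drops, which is the distinction the reply draws.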

