[Oisf-users] Suricata on DNS Sinkhole in IPS mode

Blason R blason16 at gmail.com
Sun Mar 11 05:00:20 UTC 2018


Hi Team,

I am trying to install Suricata in IPS mode on CentOS 7. Below are the
challenges I am facing and need help

I have installed suricata using default RPM
Downloaded the rules

Now I need to start Suricata using default .yaml file,


   1. Since CentOS7 has a different interface naming scheme how do I start
   Suricata using systemctl?
   2. How do I run Suricata in IPS mode to block malicious DNS queries?
   3. How do I log DNS events in JSON so that those can be indexed in
   elasticsearch?

TIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180311/81a1b77f/attachment.html>


More information about the Oisf-users mailing list