[Oisf-users] Suricata on DNS Sinkhole in IPS mode

Steve Castellarin steve.castellarin at gmail.com
Mon Mar 12 13:06:56 UTC 2018


Hi Blason,

I have no experience with questions 1 and 2, but for question 3 I have this
configuration to log all DNS activity:

outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve-dns.json   # relative names land in default-log-dir
      types:
        - dns:
            query: yes     # one record per DNS question
            answer: yes    # one record per answer resource record

On Sun, Mar 11, 2018 at 12:00 AM, Blason R <blason16 at gmail.com> wrote:

> Hi Team,
>
> I am trying to install Suricata in IPS mode on CentOS 7. Below are the
> challenges I am facing and need help
>
> I have installed suricata using default RPM
> Downloaded the rules
>
> Now I need to start Suricata using default .yaml file,
>
>
>    1. Since CentOS7 has a different interface naming scheme how do I
>    start Suricata using systemctl?
>    2. How do I run Suricata in IPS mode to block malicious DNS queries?
>    3. How do I log DNS events in JSON so that those can be indexed in
>    elasticsearch?
>
> TIA
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
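As an added example that is not part of the post above and not Suricata's own code: the script below consumes lines in the shape eve-dns.json takes with that configuration (the Suricata 4.0-era DNS layout is assumed: one "query" record per question and one "answer" record per answer RR, sharing flow_id and dns.id), joins each answer to its query, flags answers that resolve to the sinkhole address, and renders the result as an Elasticsearch _bulk body. The sample log lines, the 10.0.0.254 sinkhole address and the suricata-dns index name are constructed for the example.

```python
"""Shape Suricata EVE DNS records for Elasticsearch indexing.

Added example for this thread; it is not the poster's or the Suricata
project's code. It assumes the Suricata 4.0-era EVE DNS layout in which every
question is logged as a "query" record and every answer resource record as a
separate "answer" record, and the two share flow_id and dns.id.
"""
import json

# Constructed sample of what eve-dns.json looks like with query: yes and
# answer: yes (not a real capture). 10.0.0.254 stands in for the sinkhole
# address assumed below, and the last line is a non-DNS event the parser
# must skip.
SAMPLE_EVE_DNS = """\
{"timestamp":"2018-03-12T13:06:56.000001+0000","flow_id":1,"event_type":"dns","src_ip":"192.168.1.10","src_port":51000,"dest_ip":"192.168.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4660,"rrname":"www.example.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-12T13:06:56.000500+0000","flow_id":1,"event_type":"dns","src_ip":"192.168.1.1","src_port":53,"dest_ip":"192.168.1.10","dest_port":51000,"proto":"UDP","dns":{"type":"answer","id":4660,"rcode":"NOERROR","rrname":"www.example.com","rrtype":"A","ttl":300,"rdata":"203.0.113.5"}}
{"timestamp":"2018-03-12T13:07:01.000001+0000","flow_id":2,"event_type":"dns","src_ip":"192.168.1.10","src_port":51001,"dest_ip":"192.168.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4661,"rrname":"bad.example.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-12T13:07:01.000800+0000","flow_id":2,"event_type":"dns","src_ip":"192.168.1.1","src_port":53,"dest_ip":"192.168.1.10","dest_port":51001,"proto":"UDP","dns":{"type":"answer","id":4661,"rcode":"NOERROR","rrname":"bad.example.net","rrtype":"A","ttl":60,"rdata":"10.0.0.254"}}
{"timestamp":"2018-03-12T13:07:02.000001+0000","flow_id":3,"event_type":"alert","src_ip":"192.168.1.10","dest_ip":"192.168.1.1","proto":"UDP","alert":{"signature_id":1,"signature":"constructed alert"}}
"""


def parse_eve_dns(text):
    """Yield the DNS records from EVE JSON text; other event types are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") == "dns" and "dns" in rec:
            yield rec


def correlate(records):
    """Join each answer record to its query by (flow_id, dns.id).

    Returns one flat document per answer; the query's timestamp and client
    address are folded in so a single Elasticsearch document carries both
    sides of the transaction.
    """
    pending = {}  # (flow_id, dns.id) -> query record
    docs = []
    for rec in records:
        dns = rec["dns"]
        key = (rec.get("flow_id"), dns.get("id"))
        if dns.get("type") == "query":
            pending[key] = rec
        elif dns.get("type") == "answer":
            query = pending.get(key)
            docs.append({
                "@timestamp": rec["timestamp"],
                "client_ip": query["src_ip"] if query else rec["dest_ip"],
                "resolver_ip": rec["src_ip"],
                "rrname": dns.get("rrname"),
                "rrtype": dns.get("rrtype"),
                "rcode": dns.get("rcode"),
                "rdata": dns.get("rdata"),  # absent on NXDOMAIN answers
                "ttl": dns.get("ttl"),
                "query_timestamp": query["timestamp"] if query else None,
            })
    return docs


def flag_sinkholed(docs, sinkhole_ips):
    """Mark each document whose rdata is a sinkhole address; return the count.

    On a DNS sinkhole this is the quick check that blocked names really are
    being answered with the sinkhole address.
    """
    count = 0
    for doc in docs:
        doc["sinkholed"] = doc["rdata"] in sinkhole_ips
        if doc["sinkholed"]:
            count += 1
    return count


def to_bulk_ndjson(docs, index="suricata-dns", doc_type=None):
    """Render documents as an Elasticsearch _bulk request body.

    Each document becomes an action line followed by its source line; pass
    doc_type="doc" for Elasticsearch 6.x, which still required a mapping type.
    """
    lines = []
    for doc in docs:
        action = {"index": {"_index": index}}
        if doc_type:
            action["index"]["_type"] = doc_type
        lines.append(json.dumps(action))
        lines.append(json.dumps(doc, sort_keys=True))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    documents = correlate(parse_eve_dns(SAMPLE_EVE_DNS))
    hits = flag_sinkholed(documents, {"10.0.0.254"})  # assumed sinkhole address
    print("answers: %d, sinkholed: %d" % (len(documents), hits))
    print(to_bulk_ndjson(documents), end="")
```

To use it against a live sensor, feed the contents of eve-dns.json to parse_eve_dns instead of SAMPLE_EVE_DNS and POST the returned body to the cluster's /_bulk endpoint with Content-Type application/x-ndjson; the join keeps state only for queries seen in the same input, so process the file in order.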