[Oisf-users] Suricata on DNS Sinkhole in IPS mode
Steve Castellarin
steve.castellarin at gmail.com
Mon Mar 12 13:06:56 UTC 2018
Hi Blason,
I have no experience with questions 1 and 2, but for question 3 I have this
configuration to log all DNS activity:
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve-dns.json
      types:
        - dns:
            query: yes
            answer: yes
On Sun, Mar 11, 2018 at 12:00 AM, Blason R <blason16 at gmail.com> wrote:
> Hi Team,
>
> I am trying to install Suricata in IPS mode on CentOS 7. Below are the
> challenges I am facing and need help
>
> I have installed suricata using default RPM
> Downloaded the rules
>
> Now I need to start Suricata using default .yaml file,
>
>
> 1. Since CentOS7 has a different interface naming scheme how do I
> start Suricata using systemctl?
> 2. How do I run Suricata in IPS mode to block malicious DNS queries?
> 3. How do I log DNS events in JSON so that those can be indexed in
> elasticsearch?
>
> TIA
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
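Added example (not from this thread or the Suricata project): a small Python consumer for the eve-dns.json file the configuration above produces, showing how the query and answer records can be picked apart before indexing in Elasticsearch, and how answers resolving to a sinkhole address can be counted. The sample lines are constructed to follow the EVE "dns" record layout of Suricata releases current in 2018 (event_type "dns", a nested "dns" object with "type" of "query" or "answer"), and the sinkhole address 192.0.2.1 is a placeholder.

```python
import json
from collections import Counter

# Constructed sample EVE lines (one JSON object per line), not real traffic.
# Records follow the 2018-era Suricata EVE "dns" layout; an "alert" record and
# a malformed line are included to show that they are skipped.
SAMPLE_EVE_DNS = """\
{"timestamp":"2018-03-12T13:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","id":1,"rrname":"example.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-12T13:00:01.000100+0000","event_type":"dns","src_ip":"10.0.0.53","dest_ip":"10.0.0.5","proto":"UDP","dns":{"type":"answer","id":1,"rcode":"NOERROR","rrname":"example.com","rrtype":"A","ttl":300,"rdata":"93.184.216.34"}}
{"timestamp":"2018-03-12T13:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","id":2,"rrname":"bad.example.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-12T13:00:02.000100+0000","event_type":"dns","src_ip":"10.0.0.53","dest_ip":"10.0.0.7","proto":"UDP","dns":{"type":"answer","id":2,"rcode":"NOERROR","rrname":"bad.example.net","rrtype":"A","ttl":60,"rdata":"192.0.2.1"}}
{"timestamp":"2018-03-12T13:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.53","alert":{"signature":"placeholder"}}
not json at all
"""

# Placeholder sinkhole address (RFC 5737 documentation range), constructed for this example.
SINKHOLE_IPS = {"192.0.2.1"}


def parse_eve_dns(text):
    """Yield only well-formed events with event_type == "dns"; skip everything else."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # truncated or non-JSON line, e.g. from a log rotation cut
        if ev.get("event_type") != "dns" or not isinstance(ev.get("dns"), dict):
            continue
        yield ev


def summarize(text, sinkhole_ips=SINKHOLE_IPS):
    """Count queried names and list answers whose rdata is a sinkhole address."""
    queries = Counter()
    sinkholed = []
    for ev in parse_eve_dns(text):
        d = ev["dns"]
        if d.get("type") == "query":
            queries[d.get("rrname", "")] += 1
        elif d.get("type") == "answer" and d.get("rdata") in sinkhole_ips:
            # The answer flows server -> client, so the client is dest_ip here.
            sinkholed.append({"client": ev.get("dest_ip"), "rrname": d.get("rrname"),
                              "rdata": d["rdata"], "timestamp": ev.get("timestamp")})
    return {"queries": queries, "sinkholed": sinkholed}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVE_DNS), indent=2))
```

Each record in the "sinkholed" list already carries the client address, name and time, so it can be shipped to Elasticsearch as-is or used to drive a per-client alert.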