[Oisf-users] Packet not dropped?
Andreas Herz
andi at geekosphere.org
Thu Nov 22 22:15:13 UTC 2018
On 18/11/18 at 11:33, James Moe wrote:
> On 17/11/2018 5.06 PM, Andreas Herz wrote:
>
> > Can you share how you are running suricata?
> >
> /usr/local/bin/suricata -v --pidfile /data01/var/run/suricata.pid -c
> /usr/local/etc/suricata/suricata.yaml -q 0
>
Did you check that the NFQUEUE jump is working properly?
>
> The original post showed the log entry with "[DROP]" in it. Yet the
> Alert entry showed the entry was not dropped.
Can you also post the eve.json log output as well? alert-debug is not
used much anymore, just want to make sure it's not just a log issue
with alert-debug.
--
Andreas Herz