[Oisf-users] Properly testing Suricata for alerts

419telegraph298 at protonmail.com 419telegraph298 at protonmail.com
Mon Feb 18 17:13:21 UTC 2019

Thanks for the advice thus far; this is from my config:

    HOME_NET: "[]"
    #HOME_NET: "[]"
    #HOME_NET: "[]"
    #HOME_NET: "[]"
    #HOME_NET: "any"

    #EXTERNAL_NET: "any"

And yeah, I added the auto-update rule files as the rule files in the config. Should I be running "-s signatures.rules" when I run from the command line as well? Because I can't locate signatures.rules anywhere.


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, February 13, 2019 1:41 AM, Bjørn Ruberg <bjorn at ruberg.no> wrote:

> On 13.02.2019 01:13, 419telegraph298 at protonmail.com wrote:
> > Hey - I am not sure if the rule is set for tcpdump. What should I run foo.pcap with? Kismet or Tcpdump?
> https://suricata.readthedocs.io/en/suricata-4.1.2/command-line-options.html
> Check the "-r <path>" option.
> --
> Bjørn
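As an added illustration of the offline test loop this thread is circling (my own example, not code from the poster or from the Suricata project): replay a pcap with -r, load one specific rule file with -S (-s would load it in addition to the rule-files in suricata.yaml), pin HOME_NET with --set so the rule's address groups match the capture, and count hits in fast.log. The config path, rule file, pcap, log directory and HOME_NET value are placeholders, and the sample fast.log line is constructed.

```shell
#!/bin/sh
# Added example: test a Suricata rule offline against a pcap and confirm
# the expected alert appears in fast.log. Assumes suricata is on PATH.

# Write a minimal local rule to test with (sid 1000001 is in the local range).
write_test_rule() {
    rules=$1
    printf '%s\n' \
      'alert tcp any any -> $HOME_NET any (msg:"TEST alert"; content:"uid=0(root)"; sid:1000001; rev:1;)' \
      > "$rules"
}

# Build the replay command. -r reads a pcap instead of sniffing an interface,
# -S loads ONLY the given rule file, -l picks the log directory, and --set
# overrides HOME_NET from the YAML so the capture's addresses actually match.
build_cmd() {
    cfg=$1; rules=$2; pcap=$3; logdir=$4; home_net=$5
    printf 'suricata -c %s -S %s -r %s -l %s --set vars.address-groups.HOME_NET=%s\n' \
        "$cfg" "$rules" "$pcap" "$logdir" "$home_net"
}

# Count fast.log entries for one signature id; prints 0 if the log is missing.
count_sid() {
    logfile=$1; sid=$2
    [ -f "$logfile" ] || { echo 0; return 0; }
    grep -c "\[1:${sid}:" "$logfile" || true
}

# Full loop: run the replay, then report whether the rule fired.
check_alert() {
    cfg=$1; rules=$2; pcap=$3; logdir=$4; home_net=$5; sid=$6
    mkdir -p "$logdir"
    cmd=$(build_cmd "$cfg" "$rules" "$pcap" "$logdir" "$home_net")
    $cmd >/dev/null 2>&1   # word splitting of $cmd is intended here
    n=$(count_sid "$logdir/fast.log" "$sid")
    if [ "$n" -gt 0 ]; then
        echo "sid $sid fired $n time(s)"; return 0
    fi
    echo "sid $sid did not fire: check HOME_NET, rule syntax and suricata.log"
    return 1
}
```

Run it as `check_alert /etc/suricata/suricata.yaml local.rules foo.pcap /tmp/suri-out 192.168.1.0/24 1000001` after `write_test_rule local.rules`; if Suricata refuses to start, suricata.log in the -l directory will name the offending rule or config key.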
