[Oisf-users] How to define a few addresses in HOME_NET in suricata.yml?

Tomek Koziak ttomek.koziak at gmail.com
Tue Oct 29 08:21:44 UTC 2019


Hi Малинкин,
you are right. Thank you. It should've been 172.20.5.0/24, 172.20.1.0/24,
172.16.0.0/16.
Now I can observe some events. But when I ping address 172.20.5.16 from
another machine I still can only observe events when I define only
172.20.5.0/24.
What's more, when I ping 172.20.5.12 I can see events in both configurations.

Mon, 28 Oct 2019 at 14:40 Малинкин Сергей <malinkinsa at yandex.ru> wrote:

> Hi, Tomek.
> 172.20.0.0/24 and 172.20.1.0/24 are part of 172.16.0.0/12.
> I think it can be the reason, because the syntax is OK.
>
>
>
>
> 28.10.2019, 15:31, "Tomek Koziak" <ttomek.koziak at gmail.com>:
>
> I am trying to configure suricata in my network. When I set one HOME_NET
> in /etc/suricata/suricata.yml as:
>
> HOME_NET: "[172.20.5.0/24]"
>
> everything works fine. But when I try to define more than one pool of
> addresses as:
>
>  HOME_NET: "[172.20.5.0/24,172.16.0.0/12,172.20.1.0/24]"
>
> I cannot observe any events in /var/log/suricata/log.fast. How to properly
> define a few networks in the HOME_NET variable?
>
>
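
The containment pointed out in the reply can be checked mechanically before a HOME_NET list goes into the configuration. The following is an added example, not part of the original thread and not Suricata code; it assumes a flat list of CIDR blocks (no `!` negation, nested groups or variables), and the function names are hypothetical.

```python
import ipaddress

# HOME_NET values quoted in the thread above.
ORIGINAL = '[172.20.5.0/24,172.16.0.0/12,172.20.1.0/24]'
CORRECTED = '[172.20.5.0/24,172.20.1.0/24,172.16.0.0/16]'

def parse_home_net(value):
    """Parse a flat list such as "[10.0.0.0/8,192.168.0.0/16]" into networks.
    Assumption: negation (!), nested groups and $VARIABLES are not handled."""
    inner = value.strip().strip('"\'').strip()
    if inner.startswith("[") and inner.endswith("]"):
        inner = inner[1:-1]
    nets = []
    for item in (part.strip() for part in inner.split(",")):
        if not item:
            continue
        if item[0] in "!$[":
            raise ValueError(f"unsupported entry: {item}")
        # strict=True rejects entries with host bits set, e.g. 172.20.5.1/24
        nets.append(ipaddress.ip_network(item, strict=True))
    return nets

def covered_entries(nets):
    """Return (inner, outer) pairs where inner lies entirely inside outer."""
    return [(a, b) for a in nets for b in nets
            if a is not b and a.version == b.version and a.subnet_of(b)]

def minimal_list(nets):
    """Collapse the list to the smallest set of networks covering the same space."""
    out = []
    for version in (4, 6):  # collapse_addresses refuses mixed IP versions
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out

def matching_entries(nets, host):
    """Return every entry of the list that contains the given host address."""
    addr = ipaddress.ip_address(host)
    return [n for n in nets if n.version == addr.version and addr in n]

if __name__ == "__main__":
    for label, value in (("original", ORIGINAL), ("corrected", CORRECTED)):
        nets = parse_home_net(value)
        print(label, "->", ", ".join(map(str, minimal_list(nets))))
        for inner, outer in covered_entries(nets):
            print(f"  {inner} is already inside {outer}")
        print("  172.20.5.16 matched by:", matching_entries(nets, "172.20.5.16"))
```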