[Oisf-users] How to define a few addresses in HOME_NET in suricata.yml?

Tomek Koziak ttomek.koziak at gmail.com
Tue Oct 29 09:49:57 UTC 2019


When I changed EXTERNAL_NET to *any* from *!$HOME_NET* it started
working. Is it a good habit?

Tue, 29 Oct 2019 at 09:21 Tomek Koziak <ttomek.koziak at gmail.com> wrote:

> Hi Малинкин,
> you are right. Thank you. It should've been 172.20.5.0/24, 172.20.1.0/24,
> 172.16.0.0/16.
> Now I can observe some events. But when I ping address 172.20.5.16 from
> another machine I still can only observe events when I define only
> 172.20.5.0/24.
> What's more, when I ping 172.20.5.12 I can see events in both
> configurations.
>
> Mon, 28 Oct 2019 at 14:40 Малинкин Сергей <malinkinsa at yandex.ru>
> wrote:
>
>> Hi, Tomek.
>> 172.20.0.0/24 and 172.20.1.0/24 are part of 172.16.0.0/12.
>> I think it can be the reason, because the syntax is OK.
>>
>>
>>
>>
>> 28.10.2019, 15:31, "Tomek Koziak" <ttomek.koziak at gmail.com>:
>>
>> I am trying to configure suricata in my network. When I set one HOME_NET
>> in /etc/suricata/suricata.yml as:
>>
>> HOME_NET: "[172.20.5.0/24]"
>>
>> everything works fine. But when I try to define more than one pool of
>> addresses as:
>>
>> HOME_NET: "[172.20.5.0/24,172.16.0.0/12,172.20.1.0/24]"
>>
>> I cannot observe any events in /var/log/suricata/log.fast. How to properly
>> define a few networks in HOME_NET variable?
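Added example (not part of the thread and not Suricata's own code): a simplified Python model of how a flat address group and `!$HOME_NET` evaluate, using the HOME_NET values from the thread, to show why a wide HOME_NET silences rules written as `$EXTERNAL_NET -> $HOME_NET`. The pinging host 172.20.1.50 and that rule header are assumptions; nested groups are not handled.

```python
import ipaddress

def contains(ip, spec, variables):
    """True if ip falls in a flat Suricata-style address spec (simplified model)."""
    spec = spec.strip()
    if spec.startswith("!"):                      # negation, e.g. !$HOME_NET
        return not contains(ip, spec[1:], variables)
    if spec == "any":
        return True
    if spec.startswith("$"):                      # variable reference
        return contains(ip, variables[spec[1:]], variables)
    if spec.startswith("["):                      # flat list, no nesting
        items = [s.strip() for s in spec[1:-1].split(",") if s.strip()]
        pos = [s for s in items if not s.startswith("!")] or ["any"]
        neg = [s[1:] for s in items if s.startswith("!")]
        return (any(contains(ip, s, variables) for s in pos)
                and not any(contains(ip, s, variables) for s in neg))
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def shadowed(spec):
    """Pairs (subnet, supernet) where one HOME_NET entry already covers another."""
    nets = [ipaddress.ip_network(s.strip()) for s in spec.strip("[]").split(",")]
    return [(str(a), str(b)) for a in nets for b in nets
            if a != b and a.subnet_of(b)]

def rule_header_matches(src, dst, variables):
    """Assumed rule header: alert ... $EXTERNAL_NET any -> $HOME_NET any"""
    return (contains(src, "$EXTERNAL_NET", variables)
            and contains(dst, "$HOME_NET", variables))

# HOME_NET values are from the thread; PINGER is a constructed address.
SINGLE = {"HOME_NET": "[172.20.5.0/24]", "EXTERNAL_NET": "!$HOME_NET"}
MULTI = {"HOME_NET": "[172.20.5.0/24,172.16.0.0/12,172.20.1.0/24]",
         "EXTERNAL_NET": "!$HOME_NET"}
MULTI_ANY = dict(MULTI, EXTERNAL_NET="any")
PINGER, TARGET = "172.20.1.50", "172.20.5.16"

if __name__ == "__main__":
    for name, cfg in (("single", SINGLE), ("multi", MULTI), ("multi+any", MULTI_ANY)):
        print(name, "header matches:", rule_header_matches(PINGER, TARGET, cfg))
    print("covered entries:", shadowed(MULTI["HOME_NET"]))
```

With the three-network HOME_NET the pinging host is itself inside HOME_NET, so it is no longer in `!$HOME_NET` and the assumed rule header cannot match until EXTERNAL_NET is set to `any`.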