So folks, about Suricata: in the eve.log or fast.log files, should the IP of my internal network appear, or the internet IP? I just configured a new installation of Suricata and I'm trying to send the packets from my router to Suricata, but in the eve.log file only the internal IP of my network appears. Is that right? And on the router I pointed the pine cone to the internet interface, so I believe that something must be wrong; it should capture from my IP to IPs on the internet, right?
How did you configure and on what interface(s) is it listening?
Without more details about your setup it’s hard to tell. Suricata is capturing the traffic that it sees on a network interface (except in the case it’s running in NFQUEUE mode or pcap run).
Hello, thanks for the reply. I configured my router, which is a MikroTik, to send packets to Suricata, but it seems that Suricata does not see these packets, only some others on the internal network.
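One way to check what Suricata actually sees on each interface, as an added example that is not part of the original thread: the script below tallies EVE JSON events per capture interface by whether they stay inside the LAN or cross to the internet. The `HOME_NET` ranges, the function names and the sample lines are assumptions constructed for illustration; `event_type`, `in_iface`, `src_ip` and `dest_ip` are standard EVE fields.

```python
import ipaddress
import json
from collections import Counter

# Assumption: the LAN uses RFC 1918 space; match this to HOME_NET in suricata.yaml.
HOME_NET = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in HOME_NET)

def classify(src, dst):
    sides = (is_internal(src), is_internal(dst))
    if all(sides):
        return "internal-only"
    return "crosses-boundary" if any(sides) else "external-only"

def summarize(lines):
    """Count EVE events per (in_iface, class); skip lines that cannot be classified."""
    counts = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
            label = classify(ev["src_ip"], ev["dest_ip"])
        except (ValueError, KeyError, TypeError):
            # Truncated JSON, bad address, or an event without IPs (e.g. stats).
            continue
        counts[(ev.get("in_iface", "unknown"), label)] += 1
    return counts

# Constructed sample input (not taken from the thread).
SAMPLE = [
    '{"event_type":"flow","in_iface":"eth0","src_ip":"192.168.88.10","dest_ip":"192.168.88.1"}',
    '{"event_type":"dns","in_iface":"eth0","src_ip":"192.168.88.10","dest_ip":"192.168.88.1"}',
    '{"event_type":"alert","in_iface":"eth0","src_ip":"192.168.88.10","dest_ip":"203.0.113.7"}',
    '{"event_type":"stats","stats":{"uptime":60}}',
    '{"event_type":"flow","src_ip"',
]

if __name__ == "__main__":
    for (iface, label), n in sorted(summarize(SAMPLE).items()):
        print(f"{iface:10} {label:18} {n}")
```

If nearly every event on the listening interface is `internal-only`, the traffic forwarded from the router's internet-facing interface is not arriving on the interface Suricata captures from.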