Attach your suricata.yaml, stats.log and also suricata.log as well as the start command.
Do you see any events in the flows for your test?
stats.log (2.3 MB)
suricata.yaml (83.1 KB)
suricata.log (38.0 KB)
fast.log (464 Bytes)
I used sudo systemctl start suricata.
I tried hping3 as another type of attack, but it didn’t show anything about it.
Also, I’m currently using Oracle VM VirtualBox.
If you need any other information, I will gladly provide you with it. Thanks for the help, I really appreciate it.
You could check in eve.json whether the flow for the IP that you use to trigger testmynids is seen, to check whether the actual forwarding is seen.
If not, you would have to check that the forwarding to the enp0s3 interface is working; this depends on your network setup.
It is also worth running tcpdump on the interface to check whether you can see the traffic that you expect to appear.
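The eve.json check suggested above, as an added example that is not part of the original thread: it counts the EVE events that involve one IP and reports whether Suricata saw the test traffic at all. The function names, the sample records and the documentation-range IPs are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample EVE records (documentation IPs); the last line is cut off on purpose.
SAMPLE_EVE = """\
{"event_type":"stats","stats":{"uptime":60}}
{"event_type":"http","src_ip":"192.0.2.10","dest_ip":"198.51.100.7","proto":"TCP"}
{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":1000001}}
{"event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.7","flow":{"pkts_toserver":6,"pkts_toclient":5}}
{"event_type":"flow","src_ip":"192.0.2.99","dest_ip":"224.0.0.251","flow":{"pkts_toserver":2,"pkts_toclient":0}}
{"event_type":"flow","src_ip":"192.0.2.10","dest
"""

def summarize_ip(lines, ip):
    """Count EVE events that involve `ip` and total the packets in its flow records."""
    events, pkts, skipped = Counter(), Counter(toserver=0, toclient=0), 0
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # partial line, e.g. Suricata was still writing it
            continue
        if ip not in (ev.get("src_ip"), ev.get("dest_ip")):
            continue
        events[ev.get("event_type", "unknown")] += 1
        if ev.get("event_type") == "flow":
            pkts["toserver"] += ev.get("flow", {}).get("pkts_toserver", 0)
            pkts["toclient"] += ev.get("flow", {}).get("pkts_toclient", 0)
    return {"events": dict(events), "pkts": dict(pkts), "skipped": skipped}

def diagnose(summary):
    """Turn the summary into the next troubleshooting step."""
    if not summary["events"]:
        return "no events: traffic is not reaching the interface, check forwarding and tcpdump"
    if "flow" in summary["events"] and summary["pkts"]["toclient"] == 0:
        return "one-way flows: only one direction of the traffic is being captured"
    if "alert" not in summary["events"]:
        return "traffic seen but no alert: forwarding works, look at the rules"
    return "traffic seen and alert raised"

if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.99", "203.0.113.5"):
        print(ip, "->", diagnose(summarize_ip(SAMPLE_EVE.splitlines(), ip)))
```

To run it against a live sensor, pass an open file handle for your eve.json (commonly `/var/log/suricata/eve.json`, an assumption about the install) instead of the sample lines.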