Help configuring Suricata

Eirikr70 · April 14, 2024, 9:41am

Hello Suricata experts,
I am a self-hoster deploying Suricata to monitor my network traffic. Not being a network expert, I have some difficulties figuring how I should declare the ports in the dedicated variables in the suricata.yamlin order to fully benefit from the monitoring. My main concerns are about the following ports

SMTP ports 25 and 465,
IMAP4 port 993,
TURN and STURN ports 3478 and 5349 (both TCP and UDP),
TURN range 49152-49272/UDP
VPN port 51820/UDP.

Any clue in which variable I should insert each of them ?
Thanks,

Jeff_Lucovsky · April 15, 2024, 2:06pm

Note that the rule variables are variables used during rule evaluation/loading.

If the rules don’t reference the rule variables, then the rule variables are unused.

If you’re not referring to rule variables, then the default values used by Suricata are a good place to start. Suricata will auto recognize many protocols, including smtp and imap.

Topic		Replies	Views
Question about port-groups and vpn configuration Help	1	424	August 28, 2023
Unable to resolve smtp protocol Help suricata	1	315	February 3, 2023
Suricata as NIPS Help suricata	2	34	November 13, 2024
A few basic questions about Suricata-IDS Help	1	330	December 15, 2023
Architecture help Help ips , community , centos	2	1240	November 29, 2020

Help configuring Suricata

Related topics