Help configuring Suricata

Eirikr70 · April 14, 2024, 9:41am

Hello Suricata experts,
I am a self-hoster deploying Suricata to monitor my network traffic. Not being a network expert, I have some difficulties figuring how I should declare the ports in the dedicated variables in the suricata.yamlin order to fully benefit from the monitoring. My main concerns are about the following ports

SMTP ports 25 and 465,
IMAP4 port 993,
TURN and STURN ports 3478 and 5349 (both TCP and UDP),
TURN range 49152-49272/UDP
VPN port 51820/UDP.

Any clue in which variable I should insert each of them ?
Thanks,

Jeff_Lucovsky · April 15, 2024, 2:06pm

Note that the rule variables are variables used during rule evaluation/loading.

If the rules don’t reference the rule variables, then the rule variables are unused.

If you’re not referring to rule variables, then the default values used by Suricata are a good place to start. Suricata will auto recognize many protocols, including smtp and imap.

Topic		Replies	Views
A few basic questions about Suricata-IDS Help	1	236	December 15, 2023
Architecture help Help ips , community , centos	2	1098	November 29, 2020
Suricata running in AWS Help	2	543	October 5, 2021
Suricata as inline IPS running on VM from ESXi - Configuration Help	2	1419	February 25, 2021
Suricata not logging my outbound traffic Help suricata	1	401	June 18, 2021

Help configuring Suricata

Related Topics