Hello,
I’m running Suricata 7.0.2 in IPS mode on Ubuntu.
I’m trying to figure out why I’m only getting drop events but not getting any alerts in the eve log. The drop events contain the flowbits set by the alert, which means that it is being triggered but not shown for some reason.
This is my config for the eve log file.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      level: debug
      types:
        - alert:
            payload-printable: yes
            tagged-packets: yes
        - drop:
            alerts: yes
            flows: start
        - http:
            enabled: no
        - dns:
            enabled: no
        - tls:
            enabled: no
Any ideas?
Thanks
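A quick way to confirm the symptom described above is to count the event types in eve.json and list the drop events whose embedded alert (the `alerts: yes` sub-object) has no matching `alert` event on the same flow. This is an added diagnostic script, not part of the original post or of Suricata; the eve.json lines below are constructed sample data.

```python
import json
from collections import Counter

# Constructed sample eve.json lines (not taken from the post): flow 101 has a
# drop plus its alert event; flow 202 has a drop whose alert was never logged.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T00:00:01.000000+0000","flow_id":101,"event_type":"drop","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","drop":{"len":60},"alert":{"action":"blocked","signature_id":1000001,"signature":"TEST drop rule"}}
{"timestamp":"2024-01-01T00:00:01.000100+0000","flow_id":101,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","alert":{"action":"blocked","signature_id":1000001,"signature":"TEST drop rule"}}
{"timestamp":"2024-01-01T00:00:02.000000+0000","flow_id":202,"event_type":"drop","src_ip":"10.0.0.6","dest_ip":"10.0.0.9","proto":"TCP","drop":{"len":60},"alert":{"action":"blocked","signature_id":1000002,"signature":"TEST second rule"}}
{"timestamp":"2024-01-01T00:00:03.000000+0000","flow_id":202,"event_type":"flow","proto":"TCP"}
"""


def summarize_eve(text):
    """Return (event_type counts, drop events lacking a matching alert event).

    A drop event is 'orphaned' when no alert event with the same flow_id and
    signature_id appears anywhere in the log, which is the situation the post
    describes (drops logged, alerts missing)."""
    counts = Counter()
    alerts_seen = set()
    drops = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            counts["unparseable"] += 1
            continue
        et = ev.get("event_type", "unknown")
        counts[et] += 1
        sid = ev.get("alert", {}).get("signature_id")
        if et == "alert" and sid is not None:
            alerts_seen.add((ev.get("flow_id"), sid))
        elif et == "drop" and sid is not None:
            drops.append((ev.get("flow_id"), sid))
    orphaned = [d for d in drops if d not in alerts_seen]
    return counts, orphaned


if __name__ == "__main__":
    counts, orphaned = summarize_eve(SAMPLE_EVE)
    print("event_type counts:", dict(counts))
    for flow_id, sid in orphaned:
        print(f"drop on flow {flow_id} for sid {sid} has no alert event")
```

Run it against a real log with `summarize_eve(open("/var/log/suricata/eve.json").read())`; if every drop shows up as orphaned, the alert output itself is the problem rather than the rules.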