Network Range is not captured in Azure

odin · February 19, 2021, 5:24am

hi, everyone.
i’m super newbie in suricata-ids

i want to capture Our Infra Network Range on Azure cloud based.
so i done build up to suricata-ids for ip range by range
but suricata-ids not capturing to the other ip address.
it can only capture to self.

please somebody help me.

ah! my infra structure is a below

Suricata - 10.0.0.4
Homenet - 10.0.0.0/24

Switch ----------- Suricata ( 10.0.0.4 )
----------- PC1 ( 10.0.0.5 )
----------- PC2 ( 10.0.0.6 )
----------- PC3 ( 10.0.0.7 )

-Symtoms-
Suricata can’t capture 10.0.0.0/24 exclude suricata ip (10.0.0.4/32)

syoc · February 19, 2021, 9:35am

Hi.

Try running tcpdump on the Suriata host. Can you see traffic from PC1-3?
It not then you have probably failed to configure the span port on the switch correctly.

Topic		Replies	Views
Suricata can't get logs from another range ip	2	108	August 6, 2024
App layer not detecting flows Help	3	460	August 20, 2022
Suricata implementation on ubuntu azure environment	1	782	December 27, 2020
Weird result when comparing Suricata detections with snort (using same traffic) - what am I missing? Help	4	946	December 13, 2021
New system ip address and port details are not showing in Suricata logs Help	10	46	January 13, 2025

Network Range is not captured in Azure

Related topics