Network Range is not captured in Azure

odin · February 19, 2021, 5:24am

hi, everyone.
i’m super newbie in suricata-ids

i want to capture Our Infra Network Range on Azure cloud based.
so i done build up to suricata-ids for ip range by range
but suricata-ids not capturing to the other ip address.
it can only capture to self.

please somebody help me.

ah! my infra structure is a below

Suricata - 10.0.0.4
Homenet - 10.0.0.0/24

Switch ----------- Suricata ( 10.0.0.4 )
----------- PC1 ( 10.0.0.5 )
----------- PC2 ( 10.0.0.6 )
----------- PC3 ( 10.0.0.7 )

-Symtoms-
Suricata can’t capture 10.0.0.0/24 exclude suricata ip (10.0.0.4/32)

syoc · February 19, 2021, 9:35am

Hi.

Try running tcpdump on the Suriata host. Can you see traffic from PC1-3?
It not then you have probably failed to configure the span port on the switch correctly.

Topic		Replies	Views
Suricata can't get logs from another range ip	0	44	April 10, 2024
Suricata implementation on ubuntu azure environment	1	706	December 27, 2020
Non-functional suricata at some cloud providers Help rules , suricata	22	740	August 3, 2023
Suricata as IDS and IPS on transpararent mode Help	1	510	February 27, 2023
Azure deployment of suricata Help	1	148	February 28, 2024

Network Range is not captured in Azure

Related Topics