Hi
I have a problem when I set up Suricata version 4.x and 5.x. The model I use is the NIDS.
I have successfully configured the SPAN port and the IDS machine can receive the traffic.
When using tcpdump I can see the HTTP protocol logs (tcpdump -i ens1 -n port 80).
But when I create the rule to test, the content is
alert http any any -> $HOME_NET any (msg:"HUNGHAY HTTP_TEST"; sid:1000001; rev:1;)
HTTP protocol logs are not found in eve.json or fast.log.
Can you guys help me handle this problem?
Thanks
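The three places this kind of setup usually breaks are: packets not reaching the sensor at all (eve.json stays empty), packets arriving but the HTTP parser or http logging not producing event_type "http" records, and HTTP being parsed but the rule never firing (typically because the rule failed to load; Suricata requires a sid, and a rule file can be checked with suricata -T -c suricata.yaml -S rules.file). The script below is an added example, not from the original post or from the Suricata project: it reads eve.json lines, counts events by type, collects alert signatures, and maps the result onto those three failure points. The eve.json lines in SAMPLE_EVE are constructed for the example, as is the rule msg "HUNGHAY HTTP_TEST" borrowed from the post and the sid 1000001.

```python
import json

# Constructed sample of eve.json lines for this example (not output from the
# poster's sensor): one http record, one alert for the test rule, one flow record.
SAMPLE_EVE = """\
{"timestamp":"2020-01-01T10:00:00.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP","http":{"hostname":"example.test","url":"/","http_method":"GET","protocol":"HTTP/1.1","status":200}}
{"timestamp":"2020-01-01T10:00:00.000100+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"HUNGHAY HTTP_TEST","category":"","severity":3},"app_proto":"http"}
{"timestamp":"2020-01-01T10:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP"}
"""


def summarize_eve(lines):
    """Count eve.json records per event_type and collect alert signature names.

    Returns (counts, signatures) where counts is a plain dict; lines that are
    not valid JSON are counted under the key "_unparseable" instead of raising.
    """
    counts = {}
    signatures = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            counts["_unparseable"] = counts.get("_unparseable", 0) + 1
            continue
        et = ev.get("event_type", "_missing")
        counts[et] = counts.get(et, 0) + 1
        if et == "alert":
            signatures.append(ev.get("alert", {}).get("signature", ""))
    return counts, signatures


def diagnose(counts, signatures, expected_msg):
    """Map the summary onto the three failure points of a NIDS test setup.

    Checked in order: no events at all, no http protocol records, http seen but
    the expected rule msg never alerted. Each string names the next thing to check.
    """
    if sum(counts.values()) == 0:
        return "no events: eve.json is empty, check the capture interface and eve-log settings"
    if counts.get("http", 0) == 0:
        return "no http events: traffic not reaching Suricata, or the HTTP app-layer/eve http logger is disabled"
    if expected_msg not in signatures:
        return "http parsed but rule never fired: verify the rule loads (suricata -T -S rules.file) and has a sid"
    return "ok: http parsed and rule fired"


def check_eve_file(path, expected_msg):
    """Convenience wrapper for a real eve.json on disk."""
    with open(path, "r", encoding="utf-8") as fh:
        counts, sigs = summarize_eve(fh)
    return diagnose(counts, sigs, expected_msg)


if __name__ == "__main__":
    counts, sigs = summarize_eve(SAMPLE_EVE.splitlines())
    print(counts)
    print(diagnose(counts, sigs, "HUNGHAY HTTP_TEST"))
```

Run it against the live file with check_eve_file("/var/log/suricata/eve.json", "HUNGHAY HTTP_TEST") after replaying or generating some port-80 traffic; if the verdict is "no http events" while tcpdump still shows the packets, the problem is between the NIC and the app-layer parser (interface name in suricata.yaml, af-packet settings, or the http logger being switched off), not in the rule.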