I have installed Suricata on my Windows webserver to monitor the traffic and am trying to run EveBox against the eve.json file to view the stats and alerts. I tried a few things to receive the alerts, but I’m not receiving any alerts. Can you please check the attached config file? All the rules were added to the rules folder, and I even added my IP address to the rules list to create an alert, but nothing seems to be working.
Hi @Andreas_Herz,
I’m having a similar issue. Currently Suricata v6.0.13 is installed on my machine.
I’m receiving event_type values such as tls, dns, snmp, fileinfo, anomaly, http, etc.
Unfortunately, no alerts are seen.
What could be the reason for this issue?
I appreciate your help!
@Andreas_Herz,
I found the root cause behind it. For some reason, my automation script was replacing the default rule path with /etc/suricata/rule in the config file, and suricata.rule was missing from this path.
I changed the default path to var/lib/suricata/rule, and it worked.
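
Added example, not part of the thread and not Suricata project code: a small check for the failure described above, where `default-rule-path` in suricata.yaml points at a directory that does not hold the files listed under `rule-files`, so eve.json carries protocol events but no `alert` records. The function names, temporary directories, rule file name and eve.json lines are constructed for illustration, and the config reader handles only these two keys.

```python
import json, os, re, tempfile
from collections import Counter

def rule_settings(config_text):
    """Extract default-rule-path and the rule-files entries from suricata.yaml text."""
    default, files, in_list = None, [], False
    for raw in config_text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"default-rule-path:\s*(\S+)", line)
        if m:
            default, in_list = m.group(1), False
        elif re.match(r"rule-files:\s*$", line):
            in_list = True
        elif in_list:
            m = re.match(r"\s*-\s*(\S+)", line)
            if m:
                files.append(m.group(1).strip("'\""))
            else:
                in_list = False                     # next top-level key ends the list
    return default, files

def missing_rule_files(config_text):
    """Return the resolved rule-file paths that do not exist on disk."""
    default, files = rule_settings(config_text)
    resolved = [f if os.path.isabs(f) else os.path.join(default or "", f) for f in files]
    return [p for p in resolved if not os.path.isfile(p)]

def event_counts(eve_lines):
    """Count eve.json records per event_type, skipping lines that are not JSON objects."""
    counts = Counter()
    for line in eve_lines:
        try:
            counts[json.loads(line).get("event_type", "?")] += 1
        except (ValueError, AttributeError):
            continue
    return counts

def demo():
    """Constructed sample: a config pointing at an empty directory, then at the right one."""
    root = tempfile.mkdtemp()
    wrong, right = os.path.join(root, "etc_rule"), os.path.join(root, "lib_rule")
    os.makedirs(wrong); os.makedirs(right)
    open(os.path.join(right, "suricata.rules"), "w").close()
    cfg = "default-rule-path: {}\nrule-files:\n  - suricata.rules  # constructed\n"
    eve = ['{"event_type": "dns"}', '{"event_type": "tls"}', '{"event_type": "http"}']
    return missing_rule_files(cfg.format(wrong)), missing_rule_files(cfg.format(right)), event_counts(eve)

if __name__ == "__main__":
    print(demo())
```

Run `missing_rule_files` on the config that is actually deployed, after any automation has rewritten it; a non-empty result together with a zero `alert` count from `event_counts` matches the symptom in the thread.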