Suricata 5.0.3 IPS mode

reyss · August 5, 2020, 9:14am

Topology

how to detect log (fast.log) on suricata if i attack a server?
cause
if i attack server, log on fast.log not detected and
if i attack suricata, log on fast.log detected

syoc · August 6, 2020, 8:16am

You should use a mirror port / tap interface.
That would send all traffic going through your router or switch to the suricata box.

Another option is to change your topology and put suricata inline between your router and the internet or your router and the server.

Topic		Replies	Views
Architecture help Help ips , community , centos	2	1094	November 29, 2020
Suricata Network ids capture for Fortinet logs Help	10	3128	March 3, 2023
Suricata not showing logs from windows Help ips , community , suricata	1	589	June 26, 2022
Suricata with passive optical TAP Help	17	2328	April 17, 2024
Capture packets on a remote interface Help	18	1438	October 2, 2021

Suricata 5.0.3 IPS mode

Related Topics