I’ve got this problem that is driving me crazy. I’ve configured a VMware virtual machine with Ubuntu 18 on board, and I’ve installed Suricata 6 on it. On the physical host I’ve connected 2 network adapters to two Extreme Networks switches (clustered), which are connected to my two firewalls (clustered).
From the two switches I’ve mirrored the ports to the host, and from the host I’ve attached the two adapters to my Suricata machine.
I’ve set up my home network in the Suricata config file and then started it. Everything seemed to work fine, except for the fact that Suricata is logging just the incoming traffic, not the outbound, and I don’t understand why.
On the same machine I’ve even installed Zeek, and from its log files I can see inbound and outbound traffic.
What am I doing wrong?