What is wrong with my command?

I want to run Suricata-IDS on Windows Server 2019 in IPS mode. I downloaded https://www.openinfosecfoundation.org/downloads/windows/Suricata-6.0.3-windivert-1-64bit.msi and then ran the command below:

C:\> suricata -c suricata.yaml --windivert tcp -i IP

Is it OK, and how can I be sure Suricata-IDS is working properly?

Thank you.

Hello Jason!

A simple way to check that Suricata is working properly is to add a custom rule which you know will trigger, then check the log files to verify if you see the specific alerts there.

You can add your rule to a custom.rules file, for instance, in the rules directory indicated in the suricata.yaml file.

I don’t know the details of Suricata running on Windows, but this is the basic approach 🙂
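The check described in the answer, as an added example (not code from the answerer or from the Suricata project): write one custom rule that is known to fire, then scan eve.json for alert events carrying that rule's sid. The rule matches TCP because the command in the question filters on `--windivert tcp`, so a plain-HTTP request from the server should trigger it. The sid 9000001, the rule text, the sample eve.json lines and the default Windows paths (`C:\Program Files\Suricata\rules\custom.rules`, `C:\Program Files\Suricata\log\eve.json`) are assumptions for this example; adjust them to the `default-rule-path`, `rule-files:` and `default-log-dir` entries in your suricata.yaml.

```python
import json
from pathlib import Path

# Constructed test rule (assumption, not from the original post): it alerts on
# any TCP packet headed for port 80, so a single plain-HTTP request from the
# server should produce an alert. sid 9000001 sits in the range kept free for
# local rules so it cannot collide with a downloaded ruleset.
TEST_SID = 9000001
TEST_MSG = "CUSTOM TEST rule fired"


def custom_rule(sid: int = TEST_SID, msg: str = TEST_MSG) -> str:
    """Return one Suricata rule line that is expected to trigger on TCP/80."""
    return f'alert tcp any any -> any 80 (msg:"{msg}"; sid:{sid}; rev:1;)'


def write_rules_file(path: Path, sid: int = TEST_SID) -> Path:
    """Write custom.rules; its file name must be listed under rule-files: in suricata.yaml."""
    path.write_text(custom_rule(sid) + "\n", encoding="utf-8")
    return path


def count_custom_alerts(eve_lines, sid: int = TEST_SID) -> int:
    """Count alert events (one JSON object per line) whose signature_id equals sid."""
    hits = 0
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a line still being written by Suricata; skip it
        if event.get("event_type") != "alert":
            continue
        if event.get("alert", {}).get("signature_id") == sid:
            hits += 1
    return hits


def check_eve_file(eve_path: Path, sid: int = TEST_SID) -> int:
    """Stream the real eve.json and return how many times the custom rule fired."""
    with eve_path.open(encoding="utf-8") as fh:
        return count_custom_alerts(fh, sid)


# Constructed sample of eve.json content (assumption): two alerts for the test
# rule, one alert for an unrelated hypothetical rule, one flow record and one
# truncated line, to show the parser only counts what we asked for.
SAMPLE_EVE = """\
{"timestamp":"2021-07-01T10:00:01.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":1,"signature":"CUSTOM TEST rule fired"}}
{"timestamp":"2021-07-01T10:00:01.100000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","proto":"TCP"}
{"timestamp":"2021-07-01T10:00:02.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":1000002,"rev":1,"signature":"HYPOTHETICAL other rule"}}
{"timestamp":"2021-07-01T10:00:03.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":1,"signature":"CUSTOM TEST rule fired"}}
{"timestamp":"2021-07-01T10:00:04.000000+0000","event_type":"ale
"""


if __name__ == "__main__":
    # Assumed default install paths of the Windows MSI; change them if your
    # suricata.yaml points elsewhere.
    rules_path = Path(r"C:\Program Files\Suricata\rules\custom.rules")
    eve_path = Path(r"C:\Program Files\Suricata\log\eve.json")
    print("Rule to add:", custom_rule())
    print("Sample parse, hits for sid", TEST_SID, "=",
          count_custom_alerts(SAMPLE_EVE.splitlines()))
    if eve_path.exists():
        print("Real eve.json hits:", check_eve_file(eve_path))
    else:
        print("eve.json not found at", eve_path, "- check default-log-dir in suricata.yaml")
```

After writing custom.rules and adding it under `rule-files:`, restart Suricata, generate some TCP traffic to port 80 from the server, and run the script: a non-zero count for sid 9000001 confirms the engine is inspecting traffic and writing alerts; a count of zero with traffic present points at the rule file not being loaded, the WinDivert filter not capturing the traffic, or a different log path.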