Hello,
I want to run Suricata-IDS on the Windows Server 2019 in the IPS mode. I downloaded https://www.openinfosecfoundation.org/downloads/windows/Suricata-6.0.3-windivert-1-64bit.msi then, I did below command:
C:\> suricata -c suricata.yaml --windivert tcp -i IP
Is it OK and how can I sure Suricata-IDS working properly?
Thank you.
Hello Jason!
A simple way to check that Suricata is working properly is to add a custom rule which you know will trigger, then check the log files to verify if you see the specific alerts there.
You can add your rule to a custom.rules file, for instance, to the rules directory indicated in the suricata.yaml file.
I don’t know details as to Suricata running on Windows, but this is the basic approach 