suricata alerts not working anymore #10728
Replies: 1 comment
-
If you run "watch so-redis-count" on the Manager node, do the numbers change? Are there any errors in the Elasticsearch or Logstash logs under /opt/so/log/elasticsearch and /opt/so/log/logstash on the Manager? There are more troubleshooting steps you can take here: https://docs.securityonion.net/en/2.3/suricata.html#troubleshooting-alerts
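As an added example (not part of this thread, and not Security Onion's own tooling), the following POSIX sh helper makes the reply's log check repeatable: it counts error-like lines in every .log file under the Elasticsearch and Logstash log directories the reply names, and it also verifies that a Suricata rules file actually contains enabled (uncommented) rules, since an empty or fully commented ruleset would explain missing alerts just as well as a stalled pipeline. The only paths taken from the thread are the two log directories; the log lines and the rules in the demo function are constructed so the script runs without a Security Onion install. It does not replace `watch so-redis-count`, which still has to be run on the Manager to see whether the Redis queue is draining.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only checks that follow the reply:
# scan the Manager's Elasticsearch/Logstash logs for error lines and confirm
# the Suricata ruleset has enabled rules. Log directory paths match the reply;
# the sample log lines and sample rules in demo() are constructed.
set -eu

# Count error-like lines in one log file. Prints 0 when the file is absent.
count_log_errors() {
    n=$(grep -c -E 'ERROR|Exception|error' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Count enabled Suricata rules: uncommented lines starting with alert/drop.
count_enabled_rules() {
    n=$(grep -c -E '^[[:space:]]*(alert|drop)[[:space:]]' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Summarise error-like lines per directory; prints one line per directory.
scan_log_dirs() {
    for d in "$@"; do
        total=0
        for f in "$d"/*.log; do
            [ -f "$f" ] || continue
            c=$(count_log_errors "$f")
            total=$((total + c))
        done
        echo "$d: $total error-like lines"
    done
}

# Demo with constructed data so the script runs anywhere.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/elasticsearch" "$tmp/logstash"
    cat > "$tmp/elasticsearch/sample.log" <<'EOF'
[2023-07-10T13:20:01,000][INFO ][sample.logger] started (constructed line)
[2023-07-10T13:21:15,000][ERROR][sample.logger] constructed sample error line
EOF
    cat > "$tmp/logstash/sample.log" <<'EOF'
[2023-07-10T13:22:00,000][INFO ][sample.logger] pipelines running (constructed)
EOF
    cat > "$tmp/all.rules" <<'EOF'
# constructed sample ruleset
alert tcp any any -> any 80 (msg:"SAMPLE rule one"; sid:9000001; rev:1;)
#alert tcp any any -> any 443 (msg:"SAMPLE disabled"; sid:9000002; rev:1;)
alert dns any any -> any any (msg:"SAMPLE rule two"; sid:9000003; rev:1;)
EOF
    scan_log_dirs "$tmp/elasticsearch" "$tmp/logstash"
    echo "enabled rules: $(count_enabled_rules "$tmp/all.rules")"
    rm -rf "$tmp"
}

demo

# On a real Manager, using the directories from the reply:
#   scan_log_dirs /opt/so/log/elasticsearch /opt/so/log/logstash
#   count_enabled_rules /path/to/all.rules
```

The error pattern is deliberately broad (ERROR, Exception, lowercase error) so it surfaces candidates for a human to read rather than trying to classify them; a nonzero count is a reason to open the file, not a diagnosis by itself.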
-
I'm using the default Suricata rules, never touched them, and all of a sudden I no longer see alerts showing up since 2 days ago.
I confirmed I'm still seeing traffic on my port mirror.
I just updated as well and it doesn't seem to be working.
I am capturing the WAN PPPoE side.
[root@securityonion nids]# ll -h
total 25M
-rw-r--r--. 1 socore socore 25M Jul 10 13:22 all.rules
-rw-r--r--. 1 socore socore 40 Dec 30 2022 local.rules
drwxr-xr-x. 2 socore socore 51 Dec 30 2022 sorules
Verified tcpdump is working.
Did something update and break something?