Security Onion 2.3.21 No all.rules file in salt for Suricata, Suricata not generating any alerts.
#2583
Replies: 1 comment 1 reply
-
|
I put in #2587 do take a look at this. It is a proxy issue. Current work around is a proxy exception. idstools does not have a proxy option so we will need to sneak an environment variable in there. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thank you! I'll go no proxy for the time being. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I don't have any file called: /opt/so/rules/nids/all.rules
I only have: /opt/so/rules/nids/local.rules
Thusly, Suricata is not generating any alerts, since it has no rules.
Any advice on getting those in place? I selected ETOPEN during the manager node setup, but it doesn't seem to have pulled any rules.
I think it might be related to me using a proxy. Using so-rule-update seems to fail, timing out on fetching rules. In the old version of SO, you had to add a line in the SO config to add the -W option to pulled pork, in order for it to work via proxy. Is there something like that going on here?
Beta Was this translation helpful? Give feedback.
All reactions